If you're telling dirty jokes, there are many flavors and those ive' mentioned are not special.
This is example. There are _bad_/_hard_/_dark_ jokes about women, grandmas, blacks, whites, east-asia. They have place - unless you're harming someone they are _ok_ for situation.
But only for situation. When recorded, stored and reheard years after it's not longer that situation.
By recording, you're basically extending every private situation to infinity.
People in private situation, in close groups behave in ways they consider private - they cross boundaries, they "challenge" authorities/boundaries and it's ok.
It's not ok to take this freedom by assuming you can't say anything controversial in any setting.
Its not about saying illegal things. It's mostly about saying things that can get you canceled in future in future culture.
Dark jokes and strong opinions are example - you something filthy - let's say dark Holocaust/Nazi joke but funny in situation In group that accept it and it's ok. But if it's recorded, it'll stay forever and will surface in most unexpected moment, like job interview or some other screening by gov/corpos.
Don't say that dirty jokes should be punished in future if in given situation they were received as ok and only later someone else, not in situation is going to judge it
when I entered site, all bubbles contained dicks/balls and combination of these... so... someone found words that are not banned, but still abused forum in most primitive way ..
you're wrong, moderation is needed in ventures like this
(even if sufficiely smart attacker would find the key somewhere and skip this kind of prodection, not sure where but write-allowing-key it must exist somewhere in runtime if actions/cache can us it)
Someone else on this thread:
> On GitLab even if you set the same cache key it will not cross between unprotected and protected runs.
> This is a critical insight: SLSA provenance confirms which pipeline produced the artifact, not whether the pipeline was behaving as intended. A compromised build step can produce a validly-attested but malicious package.
They basically confirm that this whole provenance only proves origin. That origin was broken/flawed and was coerced to do something bad. (?)
Again, untrusted workflows can't write anywhere - cache poisoning was they key problem. If cache would be clean, release build/run would be clean too.
Well, one of simplest mitigation is that `pull_request_target` jobs shouldn't have access to write to cache, they can read for performance, but not write.
To extrapolate rule, the `pull_request_target` shouldn't have any ways to invoke external side effects.
In most strict scenario, they shouldn't have access to network at all ... or only to GET <safeUrl> - where safeUrls are somehow vetted previously on main, derived from yarn.locks and similar manifests. Pita to setup, no wonder nobody does that.
I can only juggle 3, but I prefer clubs. Balls are so boring they are so small and not spectacular. Clubs on the other hand, man they are rotating. Once, twice, treetimes, backwards. I believe that if someone stuck at this basic level of juggling 3 balls, he should try clubs - at least for me it's pure satisfaction watching these rotating in various variants before.
Good to hear, some countries already have some privacy laws protecting is from this type of products. Anyone has share more specifics about those laws, how's that they are effective in this case (unlike GDPR which is annoying and usually toothless).
Rest of us have some chance to stand against persuasion.