@swtch.com on Bluesky

JavaScript RequiredThis is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is. Learn more about Bluesky at bsky.social and atproto.com.

Post

Russ Cox

swtch.com

did:plc:a4slcmeql3w6vsdbjbcgxd3m

When your feature has its own dedicated name for exploits of it - namely pwn requests - you have failed at security. Very very badly. GitHub could also choose to do more about this. Most drastically, they could block pull_request_target from checking out the pull request code.

2026-04-06T13:46:00.114Z