this post was submitted on 15 Oct 2025
40 points (100.0% liked)

Open Source

46278 readers
31 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 6 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml
40
GitHub provides feature for immutable releases (docs.github.com)
submitted 6 months ago by pylapp@programming.dev to c/opensource@lemmy.ml
7 comments fedilink hide all child comments
 

Immutable releases are releases where the assets and associated Git tag cannot be changed after publication. The use of this type of release increases security by blocking supply chain attacks.

Attackers cannot:

  • Inject vulnerabilities or malware into current project releases.
  • Make changes to assets and tags that may break developer workflows.

The releases tags and artefacts can be also cryptographically verified.

you are viewing a single comment's thread
view the rest of the comments
[–] mesamunefire@piefed.social 4 points 6 months ago* (last edited 6 months ago) (5 children)

So what happens when the files/code is attached to the immutable? Like a virus library bundled up forever in a release?

If the releases can NEVER be deleted, then wouldn't it be even worse for admins? Or am I missing something?

[–] pylapp@programming.dev 14 points 6 months ago (4 children)

You can delete a release. But you can’t change the associated tag and the attached artefacts.

[–] Lojcs@piefed.social 1 points 6 months ago (3 children)

Can you not create another release by the same name?

[–] pylapp@programming.dev 2 points 6 months ago

Title yes, but not tag.

load more comments (2 replies)
load more comments (2 replies)
load more comments (2 replies)