sbp commented on issue #589:
URL: 
https://github.com/apache/tooling-trusted-releases/issues/589#issuecomment-3802008025

   Say we did the following instead:
   
   ```
       payload = (await validate_trusted_jwt(publisher, jwt))[0]
   ```
   
   Or this:
   
   ```
       payload, asfuid = await validate_trusted_jwt(publisher, jwt)
       # ...
       return payload, asf_uid, project, release
   ```
   
   How would these be linted? 
   
   What these alternatives demonstrate is that raising an error on all ignored 
variables would not catch this class of bug, because this is a _business logic_ 
bug and the validation of this kind of business logic exceeds the capabilities 
of the linters that we have available. That's why we run these separate audits.
   
   The individual bug here is now being tracked as #594.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
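
The point made in the comment, as an added example that is not part of the comment or of the project's code: a minimal AST rule that flags every underscore-prefixed assignment target, run over one constructed function that discards the second return value and over the two alternatives from the comment. The `handler` wrapper and its parameters are assumptions made so that each snippet parses on its own.

```python
import ast

# Constructed function bodies. DISCARD is an assumed example of an explicitly
# ignored variable; ALT_INDEX and ALT_TYPO follow the two alternatives in the
# comment. validate_trusted_jwt is only parsed here, never called.
DISCARD = """
async def handler(publisher, jwt, asf_uid, project, release):
    payload, _asf_uid = await validate_trusted_jwt(publisher, jwt)
    return payload, asf_uid, project, release
"""
ALT_INDEX = """
async def handler(publisher, jwt, asf_uid, project, release):
    payload = (await validate_trusted_jwt(publisher, jwt))[0]
    return payload, asf_uid, project, release
"""
ALT_TYPO = """
async def handler(publisher, jwt, asf_uid, project, release):
    payload, asfuid = await validate_trusted_jwt(publisher, jwt)
    return payload, asf_uid, project, release
"""


def ignored_targets(source: str) -> list[tuple[int, str]]:
    """Return (line, name) for every assignment target that starts with '_'."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Name) and isinstance(node.ctx, ast.Store):
            if node.id.startswith("_"):
                hits.append((node.lineno, node.id))
    return sorted(hits)


def report() -> dict[str, list[tuple[int, str]]]:
    """Run the rule over all three variants."""
    samples = {"discard": DISCARD, "index": ALT_INDEX, "typo": ALT_TYPO}
    return {name: ignored_targets(src) for name, src in samples.items()}


if __name__ == "__main__":
    for name, hits in report().items():
        print(f"{name}: {hits or 'no findings'}")
```

Only the constructed discard variant produces a finding; both alternatives pass the rule while still returning an identity value that did not come from the validated token.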