#github moreover wants you to do things which make it easier for #nsa (now GitHub management, #microsoft hired from there) to implant #backdoors in your project, even without you knowint it. They do this offline (code) and in vitro (compilation) when you outsource to Actions etc. Very, very bad. NO SERIOUS #security project should be considered legit if on GitHub.