You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current approach to file manipulation creates a real risk of leaking signatures to github.
After running the merge command in the Presigner flow (instructions, justfile), the signatures are added to the both the draft-NN.json and ready-NN.json files.
The ready files are git-ignored in the superchain-ops .gitignore, but the draft files cannot be because they need to be included as preparation for the signing.
The draft files should not be updated by the merge command, as this makes it too easy to commit and push them, which would expose them publicly
The text was updated successfully, but these errors were encountered:
Description
The current approach to file manipulation creates a real risk of leaking signatures to github.
After running the
mergecommand in the Presigner flow (instructions, justfile), the signatures are added to the both thedraft-NN.jsonandready-NN.jsonfiles.The
readyfiles are git-ignored in the superchain-ops.gitignore, but the draft files cannot be because they need to be included as preparation for the signing.The
draftfiles should not be updated by themergecommand, as this makes it too easy to commit and push them, which would expose them publiclyThe text was updated successfully, but these errors were encountered: