starred/act
1
0
Fork 0
mirror of https://github.com/nektos/act.git synced 2026-04-26 17:35:49 +03:00
Code Issues 289 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #6004] No Phone Home! #1315

New issue
Open
opened 2026-03-01 21:50:19 +03:00 by kerem · 3 comments
kerem commented 2026-03-01 21:50:19 +03:00
Owner
Copy link

Originally created by @oojacoboo on GitHub (Feb 11, 2026).
Original GitHub issue: https://github.com/nektos/act/issues/6004

Guys, we have package managers for checking versions. Is this really necessary? It's certainly not a great look having to dig into a repo to find out if it's doing any funny business.

Image
Originally created by @oojacoboo on GitHub (Feb 11, 2026). Original GitHub issue: https://github.com/nektos/act/issues/6004 Guys, we have package managers for checking versions. Is this really necessary? It's certainly not a great look having to dig into a repo to find out if it's doing any funny business. <img width="703" height="485" alt="Image" src="https://github.com/user-attachments/assets/48f9d216-fe51-4827-b226-2959557277d8" />
kerem commented 2026-03-01 21:50:19 +03:00
Author
Owner
Copy link

@codeafridi commented on GitHub (Feb 15, 2026):

is this real secutrity issue or just network protocols doing its work?

<!-- gh-comment-id:3904363557 --> @codeafridi commented on GitHub (Feb 15, 2026): is this real secutrity issue or just network protocols doing its work?
kerem commented 2026-03-01 21:50:19 +03:00
Author
Owner
Copy link

@oojacoboo commented on GitHub (Feb 15, 2026):

It's not network protocols doing it's work.... whatever that means. It's act sending API requests from your computer to their API server to report the version you're using and any system details. It's not necessary. There isn't any concern at the moment, as it's not sending any other information. But for an open-source lib, it's non-standard and a tad concerning that it was even considered a good idea.

<!-- gh-comment-id:3905434427 --> @oojacoboo commented on GitHub (Feb 15, 2026): It's not network protocols doing it's work.... whatever that means. It's `act` sending API requests from your computer to their API server to report the version you're using and any system details. It's not necessary. There isn't any concern at the moment, as it's not sending any other information. But for an open-source lib, it's non-standard and a tad concerning that it was even considered a good idea.
kerem commented 2026-03-01 21:50:19 +03:00
Author
Owner
Copy link

@ChristopherHX commented on GitHub (Feb 16, 2026):

Act as an "open-source lib" does not do that, this is part of package cmd used by the cli entrypoint. (Yes you called this project a library and not an "open-source executable")

I remember that windows defender flagging an act cli update that started creating an folder just by starting it with --help etc, somehow this defender warning/error in winget disappeared a week later and got released

No I don't control the domain, No I don't have access to any data collected by it, Yes my own version of act cli tool does not call this endpoint anymore

I might be biased due to approving this change years ago (have 100+ PRs merged here), my focus moved to my own version of the act cli tool that is currently at version v0.4.1 (soon v0.5.0) opposed to v0.2.x

<!-- gh-comment-id:3908905498 --> @ChristopherHX commented on GitHub (Feb 16, 2026): Act as an "open-source lib" does not do that, this is part of package cmd used by the cli entrypoint. (Yes you called this project a library and not an "open-source executable") _I remember that windows defender flagging an act cli update that started creating an folder just by starting it with `--help` etc, somehow this defender warning/error in winget disappeared a week later and got released_ _No I don't control the domain, No I don't have access to any data collected by it, Yes my own version of act cli tool does not call this endpoint anymore_ _I might be biased due to approving this change years ago (have 100+ PRs merged here), my focus moved to my own version of the act cli tool that is currently at version v0.4.1 (soon v0.5.0) opposed to v0.2.x_
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dependabot/go_modules/github.com/go-git/go-git/v5-5.18.0
dependabot/go_modules/dependencies-08815e2262
mergify/configuration-deprecated-update
dependabot/github_actions/dependencies-a3a104477f
chore/simplify-ci-and-makefile
dependabot/go_modules/golang.org/x/crypto-0.45.0
dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0
panekj/ci/improve-jobs
fix-skip-non-yaml-files-in-dir
normalize-pull-rebuild-flags
fix-no-recurse-by-default
2517-poor-error-for-incomplete-action-step
2472-make-use-new-action-cache-the-new-default-for-downloading-actions
act-tart
act-lxc
act-oidc
act-dind
avoid-slash-in-actor
dependabot/go_modules/github.com/docker/docker-26.1.4incompatible
meta-keep-filetime
local-repository-action-cache
pr-merger
update-docker-deps
follow_local_action_symlink
boltdb-lock-in-handler
use-socket-path
no-pull-no-rebuild
path-issues
fix/env
feat/podman
refactor/testdata
v0.2.87
v0.2.86
v0.2.85
v0.2.84
v0.2.83
v0.2.82
v0.2.81
v0.2.80
v0.2.79
v0.2.78
v0.2.77
v0.2.76
v0.2.75
v0.2.74
v0.2.73
v0.2.72
v0.2.71
v0.2.70
v0.2.69
v0.2.68
v0.2.67
v0.2.66
v0.2.65
v0.2.64
v0.2.63
v0.2.62
v0.2.61
v0.2.60
v0.2.59
v0.2.58
v0.2.57
v0.2.56
v0.2.55
v0.2.54
v0.2.53
v0.2.52
v0.2.51
v0.2.50
v0.2.49
v0.2.48
v0.2.47
v0.2.46
v0.2.45
v0.2.44
v0.2.43
v0.2.42
v0.2.41
v0.2.40
v0.2.39
v0.2.38
v0.2.37
v0.2.36
v0.2.35
v0.2.34
v0.2.33
v0.2.32
v0.2.31
v0.2.30
v0.2.29
v0.2.28
v0.2.27
v0.2.26
v0.2.25
v0.2.24
v0.2.23
v0.2.22
v0.2.21
v0.2.20
v0.2.19
v0.2.18
v0.2.17
v0.2.16
v0.2.15
v0.2.14
v0.2.13
v0.2.12
v0.2.11
v0.2.10
v0.2.9
v0.2.8
v0.2.7
v0.2.6
v0.2.5
v0.2.4
v0.2.3
v0.2.2
v0.2.1
v0.2.0
v0.1.3
v0.1.2
v0.1.1
v0.1.0
v0.0.5
v0.0.4
v0.0.3
v0.0.2
v0.0.1
Labels
Clear labels   
area/action

   
area/cli

   
area/docs

   
area/image

   
area/runner

   
area/workflow

   
backlog

   
confirmed/not-planned

   
kind/bug

   
kind/discussion

   
kind/external

   
kind/feature-request

   
kind/question

   
meta/duplicate

   
meta/invalid

   
meta/need-more-info

   
meta/resolved

   
meta/wontfix

   
meta/workaround

   
needs-work

   
pull-request

Mirrored from GitHub Pull Request

  
review/not-planned

   
size/M

   
size/XL

   
size/XXL

   
stale

   
stale-exempt
No labels
area/action
area/cli
area/docs
area/image
area/runner
area/workflow
backlog
confirmed/not-planned
kind/bug
kind/discussion
kind/external
kind/feature-request
kind/question
meta/duplicate
meta/invalid
meta/need-more-info
meta/resolved
meta/wontfix
meta/workaround
needs-work
pull-request
review/not-planned
size/M
size/XL
size/XXL
stale
stale-exempt
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/act#1315
No description provided.