Security Inquiry

Skip to first unread message

Daniel F

Nov 7, 2022, 8:45:45 AM11/7/22
to OpenRefine Development
Good Morning! I initially posted in the OpenRefine group and was directed to the dev group.

I am performing a risk assessment for the use of this product on behalf of my organization. I've reviewed documentation relating to CI/CD testing with and the Security tab on GitHub.

-In addition to these measures are there any security validation checks or code review for vulnerabilities that takes place internal to the development process?
-Would you consider including a hash with product downloads on

Thank you for you time.

Antonin Delpeuch (lists)

Nov 25, 2022, 4:21:32 AM11/25/22
Hi Daniel,

Sorry for the delay in replying to this.
- pull requests are reviewed with security in mind, as a part of the
normal development process
- hashes have been published for some releases in the past but this has
not been systematically done because of the overhead it incurs on the
release process. But I am hoping to be able to automatize that and
publish such hashes on our website. I have opened a ticket about this:

Note that this mailing list is closing soon but feel free to reach out
on the forum for follow-up discussion:

> <>?
> Thank you for you time.
> --
> You received this message because you are subscribed to the Google
> Groups "OpenRefine Development" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to
> <>.
> To view this discussion on the web visit
> <>.

Reply all
Reply to author
0 new messages