We’re getting to the point where we’re going to want to be using the Supervisor’s ability to watch a channel and use an update strategy to deploy a new version of a package (in this case a new release of an application).
We’re prototyping this, and things look good, but it does open the question of mitigating against the risk of bad (or just clumsy) actors putting things into a channel which don’t belong there.
Access to the ability to promote or place a package in a channel becomes the way to specify whether something is released - that’s a lot of power and responsibilty.
Any thoughts or experiences on how to control and audit access and use of this extreme power?