No email on your profile visible unfortunately

visible now, apologies

No: Voys is a Dutch company with a South African counterpart. Their Dutch entity sued the Dutch government for not providing enough clarity on how mandatory call logs get processed on the government side.

I think they meant that the text "We even sue governments for protecting the privacy of our users" probably should have been "We even sue governments to protect the privacy of our users," or "...for not protecting the privacy...," etc.

That's indeed what they tried to say, but they translated it very Dunglish.

[1] blog story: https://www.voys.nl/blog/voys-wint-rechtszaak-van-agentschap...

Interesting that no hash/checksum verification has been added in their CI actions, like here, yet: https://github.com/codecov/codecov-action/blob/master/src/in...

Looks like a PR [1] was started 4 hours ago but for such a simple task not much progress has been made.

Security breaches happen. If it hasn't happened yet consider it luck. I'm disappointed by the lack of urgency in the response and failure to take nominal steps in improving their posture.

I hope this is a wake up call for them and other Saas companies.

[1]https://github.com/codecov/codecov-action/pull/282