oysteikt/mpd
0
0
Fork 0
Code Issues Pull Requests Releases Activity
music player daemon (fork)
17,537 Commits 1 Branch 144 Tags 56 MiB
C++ 94.4%
Meson 2.8%
Python 1.4%
Java 0.6%
Kotlin 0.5%
Other 0.2%
8b1ff3f005
Go to file
Alex 8b1ff3f005
build: harden build.yml permissions 
This PR adds explicit [permissions section](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions) to workflows. This is a security best practice because by default workflows run with [extended set of permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) (except from `on: pull_request` [from external forks](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)). By specifying any permission explicitly all others are set to none. By using the principle of least privilege the damage a compromised workflow can do (because of an [injection](https://securitylab.github.com/research/github-actions-untrusted-input/) or compromised third party tool or action) is restricted.
It is recommended to have [most strict permissions on the top level](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions) and grant write permissions on [job level](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs) case by case.

Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-12-09 11:28:26 +01:00
.github build: harden build.yml permissions 2022-12-09 11:28:26 +01:00
android Merge branch 'v0.23.x' 2022-11-08 14:36:09 +01:00
build build/pkg-config.sh: add comment 2019-02-22 12:39:59 +01:00
doc lib/icu/Canonicalize: convert all punctuation to ASCII 2022-11-15 21:04:16 +01:00
python/build python/build/libs.py: re-enable verbose error strings 2022-11-28 16:12:17 +01:00
src neighbor/meson.build: add missing dependency on libfmt 2022-12-01 15:57:28 +01:00
subprojects subprojects/.gitignore: ignore liburing 2022-11-12 12:40:44 +01:00
systemd systemd: use PrivateUsers= in user unit 2022-11-03 23:11:13 +00:00
test util/IntrusiveHashSet: make several methods const 2022-12-01 15:10:13 +01:00
win32 {android,win32}/build.py: make stdout/stderr unbuffered 2022-08-08 23:48:23 +02:00
.clang-format Add .clang-format 2020-05-27 18:58:55 +08:00
.gitignore .gitignore: add emacs lsp-mode files 2020-05-26 21:07:56 +02:00
AUTHORS Copyright year 2022 2022-07-14 17:59:35 +02:00
COPYING Update the text of the GPLv2, this fixes the address and a few other oddities. 2008-12-20 19:02:09 -08:00
meson_options.txt Add (resurrect?) doxygen support. 2022-02-20 10:42:39 -08:00
meson.build util/OptionParser: move to cmdline/ 2022-11-29 11:32:16 +01:00
mpd.svg import MPD SVG icon 2014-07-14 19:04:46 +02:00
NEWS Log, client/Response, io/BufferedOutputStream: drop support for libfmt < 7 2022-11-28 20:17:16 +01:00
README.md doc, README.md: update IRC server name/URL 2021-06-23 15:48:42 +02:00
valgrind.suppressions valgrind.suppressions: add GObject/libgcrypt/libsmbclient suppressions 2019-02-05 22:53:02 +01:00

README.md

Music Player Daemon

http://www.musicpd.org

A daemon for playing music of various formats. Music is played through the server's audio device. The daemon stores info about all available music, and this info can be easily searched and retrieved. Player control, info retrieval, and playlist management can all be managed remotely.

For basic installation instructions read the manual.

Users

Developers

Legal

MPD is released under the GNU General Public License version 2, which is distributed in the COPYING file.