I just used
travis setup releases to set deployment to GitHub release. It created:
deploy: provider: releases api_key: secure: IUObYmt2/MGFzjXeLkN89... file: dist/* ...
Is it OK to check in this .travis.yml with api_key to our public GitHub repository?
If so, what stops a bad actor from forking our project and then putting up bad releases on our peoject? Thanks! ((I understand the basic theory of public and private keys, but don’t know how it is used here.)