[tahoe-dev] Weekly Dev Hangout 2012-09-18

David-Sarah Hopwood david-sarah at jacaranda.org
Thu Sep 20 01:52:14 UTC 2012


On 20/09/12 01:26, Brian Warner wrote:
> On 9/19/12 4:09 PM, David-Sarah Hopwood wrote:
>> On 19/09/12 22:06, Zooko Wilcox-OHearn wrote:
> 
>>> 2. human check (to discourage abuse), human chooses whether to add a
>>> comment to the revision (not to the pull request) with the magic
>>> string "Buildbot: GO!"
>>
>> There was a discussion of whether the string needed to include a
>> commithash (so that the branch owner cannot add a commit after the
>> human review and before the build). We didn't come to a conclusion in
>> the call, but I think it should. Supporting that would also allow more
>> easily testing a revision that is not the head of a side-branch.
> 
> One of the questions was how easy it'd be for developers to express
> their review.. making it fit comfortably into their workflow. Adding a
> comment on a github pull-request page is quick and easy, but doesn't
> necessarily nail down a specific revision, making it possible for a
> contributor to do a "bait-and-switch" sort of attack where they replace
> the pull-request branch with something malicious at just the right
> moment, and then get control of the buildslaves.

If I'm not mistaken, the first 40 bits of the commithash is shown on
the same page where you would be writing the comment, so it's just one
extra cut-and-paste, if we consider 40 bits to be sufficient.

(If we don't, it's a couple of extra clicks: right-clicking on the
40-bit hash and copying the link location gets you a URL that includes
the full hash.)

>>> 3. buildbot gets from github the merged-pull-request code
>>
>> ... or does the merge itself. That might be easier if we allow
>> specifying the commithash (since the merge with master is then
>> not necessarily the same as the one computed by github from the
>> branch head).
> 
> Yeah.. we'd need to deal with the consequences of a failed merge (which
> might leave partially-applied patches lying around, requiring a clobber
> build), whereas if we delegate that test to github, we probably don't.

I don't understand; doesn't buildbot do a clone from scratch on every
build?

-- 
David-Sarah Hopwood ⚥
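
An added example, not part of the original message and not Tahoe-LAFS or buildbot code: one way a build trigger could check a hash-pinned approval comment so that it builds the reviewed commit rather than the current branch head. The comment format (the thread's magic string followed by a hex prefix of at least 40 bits), the names approved_commit and fake_commit, and the sample commit ids are assumptions.

```python
import hashlib
import re

# Assumed comment format: the thread's magic string, then a hex commit-hash
# prefix of 10 to 40 digits (10 hex digits = the 40 bits discussed above).
APPROVAL_RE = re.compile(r"Buildbot: GO!\s+([0-9a-fA-F]{10,40})\b")


def approved_commit(comment, branch_commits):
    """Return the full hash the reviewer pinned, or None to refuse the build.

    branch_commits: full 40-hex commit ids currently on the pull-request
    branch, newest first. The result is the pinned commit, never "whatever
    the head is now", so later pushes cannot change what gets built.
    """
    m = APPROVAL_RE.search(comment)
    if m is None:
        return None  # no hash, or one shorter than 40 bits: nothing is pinned
    prefix = m.group(1).lower()
    matches = [c for c in branch_commits if c.startswith(prefix)]
    if len(matches) != 1:
        return None  # commit gone from the branch (rewritten), or ambiguous prefix
    return matches[0]


def fake_commit(label):
    """Constructed sample commit id (SHA-1 of a label), not a real commit."""
    return hashlib.sha1(label.encode()).hexdigest()


if __name__ == "__main__":
    base, reviewed, later = map(fake_commit, ("base", "reviewed", "later"))
    comment = "Buildbot: GO! " + reviewed[:10]
    print("head unchanged:    ", approved_commit(comment, [reviewed, base]))
    print("commit added:      ", approved_commit(comment, [later, reviewed, base]))
    print("branch replaced:   ", approved_commit(comment, [later, base]))
    print("no hash in comment:", approved_commit("Buildbot: GO!", [reviewed, base]))
```

When a commit is pushed on top after the review, the function still returns the reviewed commit, which is also what allows testing a revision that is not the head of a side-branch.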
