[tahoe-lafs-trac-stream] [tahoe-lafs] #2052: Automate testing of merge requests to streamline review.
tahoe-lafs
trac at tahoe-lafs.org
Wed Aug 28 03:45:38 UTC 2013
#2052: Automate testing of merge requests to streamline review.
--------------------------+-----------------------------------------
Reporter: nejucomo | Owner: daira
Type: defect | Status: new
Priority: normal | Milestone: undecided
Component: unknown | Version: 1.10.0
Resolution: | Keywords: dev-infrastructure buildbot
Launchpad Bug: |
--------------------------+-----------------------------------------
Comment (by daira):
Replying to [comment:9 zooko]:
> I also don't think the security risks are dangerous. As long as the
buildslave is running only code that has been indelibly committed to a
publicly visible repository, then I don't think there is a lot of risk of
an attacker going to all the effort of making a trojan patch and
submitting it, in order to take over a buildslave. If that happened, it
would be very interesting! It would be worth losing a buildslave (or a VM
or whatever) just to see that happen.
Ugh. I'm not at all happy about increasing the risks ''to buildslave
operators'', relative to what they originally signed up for.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2052#comment:12>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list