[tahoe-lafs-trac-stream] [tahoe-lafs] #2052: Automate testing of merge requests to streamline review.

tahoe-lafs trac at tahoe-lafs.org
Wed Aug 28 03:45:38 UTC 2013


#2052: Automate testing of merge requests to streamline review.
--------------------------+-----------------------------------------
     Reporter:  nejucomo  |      Owner:  daira
         Type:  defect    |     Status:  new
     Priority:  normal    |  Milestone:  undecided
    Component:  unknown   |    Version:  1.10.0
   Resolution:            |   Keywords:  dev-infrastructure buildbot
Launchpad Bug:            |
--------------------------+-----------------------------------------

Comment (by daira):

 Replying to [comment:9 zooko]:
 > I also don't think the security risks are dangerous. As long as the
 buildslave is running only code that has been indelibly committed to a
 publicly visible repository, then I don't think there is a lot of risk of
 an attacker going to all the effort of making a trojan patch and
 submitting it, in order to take over a buildslave. If that happened, it
 would be very interesting! It would be worth losing a buildslave (or a VM
 or whatever) just to see that happen.

 Ugh. I'm not at all happy about increasing the risks ''to buildslave
 operators'', relative to what they originally signed up for.

-- 
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2052#comment:12>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage


More information about the tahoe-lafs-trac-stream mailing list