[tahoe-lafs-trac-stream] [tahoe-lafs] #2072: decide whether to enable Travis-CI for the main Tahoe-LAFS repo
tahoe-lafs
trac at tahoe-lafs.org
Wed Oct 2 10:55:32 UTC 2013
#2072: decide whether to enable Travis-CI for the main Tahoe-LAFS repo
-------------------------+-------------------------------------------------
Reporter: daira | Owner: warner
Type: defect | Status: new
Priority: normal | Milestone: undecided
Component: dev- | Version: 1.10.0
infrastructure | Keywords: security travis github brians-
Resolution: | opinion-needed
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by daira):
I don't think the approach in comment:13 gives enough of a security
improvement to be worth the complexity or hassle when the token expires.
Shall we just give {{{travis-tahoe}}} admin access then revoke it after
the automatic hook setting as described in comment:12? If I understand
correctly, any undesired operations it did with the admin authority (well,
other than deleting the repo) would show up in the log for {{{tahoe-lafs
/tahoe-lafs}}} that is viewable through the github Web interface. Then,
after the revocation, any write to the repo would show up as a push
(possibly a force-push) by the {{{travis-tahoe}}} user, so it couldn't
write silently.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2072#comment:14>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list