[tahoe-lafs-trac-stream] [tahoe-lafs] #2072: decide whether to enable Travis-CI for the main Tahoe-LAFS repo

tahoe-lafs trac at tahoe-lafs.org
Wed Oct 2 10:55:32 UTC 2013


#2072: decide whether to enable Travis-CI for the main Tahoe-LAFS repo
-------------------------+-------------------------------------------------
     Reporter:  daira    |      Owner:  warner
         Type:  defect   |     Status:  new
     Priority:  normal   |  Milestone:  undecided
    Component:  dev-     |    Version:  1.10.0
  infrastructure         |   Keywords:  security travis github brians-
   Resolution:           |  opinion-needed
Launchpad Bug:           |
-------------------------+-------------------------------------------------

Comment (by daira):

 I don't think the approach in comment:13 gives enough of a security
 improvement to be worth the complexity or hassle when the token expires.
 Shall we just give {{{travis-tahoe}}} admin access then revoke it after
 the automatic hook setting as described in comment:12? If I understand
 correctly, any undesired operations it did with the admin authority (well,
 other than deleting the repo) would show up in the log for {{{tahoe-lafs
 /tahoe-lafs}}} that is viewable through the github Web interface. Then,
 after the revocation, any write to the repo would show up as a push
 (possibly a force-push) by the {{{travis-tahoe}}} user, so it couldn't
 write silently.

-- 
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2072#comment:14>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage


More information about the tahoe-lafs-trac-stream mailing list