Changes between Initial Version and Version 1 of Ticket #2072, comment 14


Timestamp:
2013-10-02T10:58:52Z
Author:
daira
  • Ticket #2072, comment 14

    initial v1  
    1 I don't think the approach in comment:13 gives enough of a security improvement to be worth the complexity or hassle when the token expires. Shall we just give {{{travis-tahoe}}} admin access then revoke it after the automatic hook setting as described in comment:12? If I understand correctly, any undesired operations it did with the admin authority (well, other than deleting the repo) would show up in the log for {{{tahoe-lafs/tahoe-lafs}}} that is viewable through the github Web interface. Then, after the revocation, any write to the repo would show up as a push (possibly a force-push) by the {{{travis-tahoe}}} user, so it couldn't write silently.
     1I don't think the approach in comment:13 gives enough of a security improvement to be worth the complexity or hassle when the token expires. Shall we just give {{{travis-tahoe}}} admin access then revoke it (i.e. change to write access) after the automatic hook setting as described in comment:12? If I understand correctly, any undesired operations it did with the admin authority (well, other than deleting the repo) would show up in the log for {{{tahoe-lafs/tahoe-lafs}}} that is viewable through the github Web interface. Then, after the revocation, any write to the repo would show up as a push (possibly a force-push) by the {{{travis-tahoe}}} user, so it couldn't write silently.