On Wed, Dec 3, 2008 at 12:05 PM, Marc-Antoine Ruel <[EMAIL PROTECTED]>wrote:
> > What I'm planning is to add "gcl try --patchset 123" to try a patch > residing on rietveld. Not awesome but that limits the main issues and > improves usability. > > Stay tuned. > > We can't open the try server for various reasons. > Untrusted content is one of the reasons why our infrastructure is running in jail. I think we should just do it, at least for people with commit access. (If someone has commit access, they could just commit the malicious patch, and then it will run in all the buildbots, and on many developer machines inside Google anyways). > > M-A > > On Wed, Dec 3, 2008 at 1:48 PM, Peter Kasting <[EMAIL PROTECTED]> wrote: > > On Wed, Dec 3, 2008 at 10:45 AM, Nicolas Sylvain <[EMAIL PROTECTED]> > > wrote: > >> > >> Opening the try servers externally is tricky. If the patch is sent by a > >> malicious users, it means that they can run arbitrary code in our test > >> environment, which is not good. > > > > Yes, I think that's the issue we'd have to deal with. (This is also an > > issue Mozilla has to deal with, as they have publicly-accessible try > > servers.) > > If we can make it so that the worst thing that happens is that the > machine > > goes down, I think we're doing well enough. > >> > >> We would need to limit the scope to only the people who already have > write > >> access to the repository. > > > > I think a solution with this limit is not very useful. > > PK > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-dev" group. To post to this group, send email to chromium-dev@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/chromium-dev?hl=en -~----------~----~----~----~------~----~------~--~---
