On Sun, 8 Apr 2018 12:20:34 +0200 db <iams...@gmail.com> wrote:
> On 7 Apr 2018, at 19:44, Clemens Lang <c...@macports.org> wrote:
> > Remember that Portfiles can execute arbitrary code and root
> > access is available from Portfiles. We do not want to run
> > arbitrary code in a PR on the same build machines we use to build
> > packages that we will distribute to our users. A malicious
> > attacker could modify the machines in a way that packages built
> > after that will be miscompiled.
> 
> If you review the code before, that should never be the case and it
> would build just once if it succeeds, right? Or am I missing
> something how PRs are handled?

Zero King already noted that we need to be able to trigger CI
automatically. I'll note on top of that that any system that depends
on humans noticing a subtle attempt to break our security will fail
-- humans are not perfect in reviewing code. If we were, we wouldn't
need a CI system in the first place.

Perry
-- 
Perry E. Metzger                pe...@piermont.com
