I think the intent is just uploading the output HTML and static assets. I agree having the temporary output of PR docs build is useful, but I don't think a python.org domain is necessary. If it can be uploaded to any cloud storage service then that's good enough, just provide the link in the status check. The output can be cleared after it receive the PR closed webhook.
On Sun, Nov 4, 2018, 7:43 AM Serhiy Storchaka <storch...@gmail.com wrote: > 04.11.18 17:00, Julien Palard via Python-Dev пише: > > Considering feedback from Ned, what about building this as an > independent service? We don't really need to interface with python.org at > all, we just need some hardware, a domain, some code to interface with > github API and... to start it's probably enough? It would be a usefull POC. > > This will just move risks to this service. > > Ned mentioned potential abuse. We will host unchecked content. Malicious > user can create a PR which replaces Python documentation with malicious > content. > > The Doc/ directory includes Python scripts and Makefile which are used > for building documentation. Malicious user can use this for executing > arbitrary code on our server. > > _______________________________________________ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/mariatta%40python.org >
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
