Subject: Re: [boost] TravisCI and Coverall usage policies in Boost
From: Niall Douglas (s_sourceforge_at_[hidden])
Date: 2014-09-18 04:53:15
On 18 Sep 2014 at 12:38, Antony Polukhin wrote:
> A few things make me nervous.
> First of all, TravisCI requires some access permissions to the repo. I'm
> not a github expert so I'm not 100% sure that this is safe.
Meh. If it were subversion, fair enough, but you can't delete stuff
from git without it breaking all pushes and pulls to git. In other
words, we'd notice, and every clone is also a backup.
Travis could push botnet code into unit tests so CIs around the world
execute it I suppose. I have my Jenkins CI configured with a level of
paranoia verging on the extreme (no visibility of local machines or
network, network is completely held separate - all Windows CI
processes run at User perms, not Administrator), but that still
allows a bot net.
> Second one, is that there is no policy in Boost about usage of foreign
> services like TravisCI and Coveralls.
> The questions.
> Is is OK to commit to Boost repos .travis.yml files without enabling
> TravisCI runs?
> Do we need a license note in .travis.yml file?
> Can we enable automated testing using TravisCI for a Boost repo?
Yes. In fact it should be mandatory for all Boost libraries.
> Can we enable automated tests coverage using Coverall for a Boost repo?
Yes. This should also be mandatory for all Boost libraries. It's
free, nobody has an excuse.
We should really add a Boost wiki page on setting this stuff up, and
strongly hint at it being nearly a requirement on the community
review page for new libraries. I can help write this if you'd like to
start it Antony?
-- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk