Subject: Re: [boost] TravisCI and Coverall usage policies in Boost
From: Andrey Semashev (andrey.semashev_at_[hidden])
Date: 2014-09-18 05:19:55
On Thu, Sep 18, 2014 at 12:38 PM, Antony Polukhin <antoshkka_at_[hidden]> wrote:
> A few things make me nervous.
> First of all, TravisCI requires some access permissions to the repo. I'm
> not a github expert so I'm not 100% sure that this is safe.
You mean push permissions? Hm, looks very insecure, that would be a
big concern for me, especially if it can push to boostorg repos. Why
does it need push rights?
> The questions.
> Do we need a license note in .travis.yml file?
I suppose, all content should be licensed to avoid any confusion.
> there is no policy in Boost about usage of foreign
> services like TravisCI and Coveralls.
> Is is OK to commit to Boost repos .travis.yml files without enabling
> TravisCI runs?
> Can we enable automated testing using TravisCI for a Boost repo?
> Can we enable automated tests coverage using Coverall for a Boost repo?
I think you can do that with your library. My main concern is that
push access should be restricted to the parties who is responsible for
the code and not third party systems, which security is questionable.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk