Subject: Re: [boost] TravisCI and Coverall usage policies in Boost
From: Kyle Lutz (kyle.r.lutz_at_[hidden])
Date: 2014-09-18 10:51:08
On Thu, Sep 18, 2014 at 2:42 AM, Antony Polukhin <antoshkka_at_[hidden]> wrote:
> 2014-09-18 13:19 GMT+04:00 Andrey Semashev <andrey.semashev_at_[hidden]>:
>> On Thu, Sep 18, 2014 at 12:38 PM, Antony Polukhin <antoshkka_at_[hidden]>
>> > A few things make me nervous.
>> > First of all, TravisCI requires some access permissions to the repo. I'm
>> > not a github expert so I'm not 100% sure that this is safe.
>> You mean push permissions? Hm, looks very insecure, that would be a
>> big concern for me, especially if it can push to boostorg repos. Why
>> does it need push rights?
> It does not require push rights:
> But it requires some `write:repo_hook` and `repo_deployment`. I'm not sure
> what does it mean.
Correct, Travis-CI does not require write access to the git repo and
will never push or modify commits. The hooks enable GitHub to notify
Travis-CI when a pull-request is made so that Travis-CI can start a
built automatically and also allow it to update the commit status on
GitHub to indicate if a commit "broke the build".
See the documentation at  for explanations of the permissions
required by Travis-CI.