|
Boost : |
Subject: Re: [boost] TravisCI and Coverall usage policies in Boost
From: Kyle Lutz (kyle.r.lutz_at_[hidden])
Date: 2014-09-18 10:51:08
On Thu, Sep 18, 2014 at 2:42 AM, Antony Polukhin <antoshkka_at_[hidden]> wrote:
> 2014-09-18 13:19 GMT+04:00 Andrey Semashev <andrey.semashev_at_[hidden]>:
>
>> On Thu, Sep 18, 2014 at 12:38 PM, Antony Polukhin <antoshkka_at_[hidden]>
>> wrote:
>> >
>> > A few things make me nervous.
>> >
>> > First of all, TravisCI requires some access permissions to the repo. I'm
>> > not a github expert so I'm not 100% sure that this is safe.
>>
>> You mean push permissions? Hm, looks very insecure, that would be a
>> big concern for me, especially if it can push to boostorg repos. Why
>> does it need push rights?
>>
>
> It does not require push rights:
> http://docs.travis-ci.com/user/github-oauth-scopes/
>
> But it requires some `write:repo_hook` and `repo_deployment`. I'm not sure
> what does it mean.
Correct, Travis-CI does not require write access to the git repo and
will never push or modify commits. The hooks enable GitHub to notify
Travis-CI when a pull-request is made so that Travis-CI can start a
built automatically and also allow it to update the commit status on
GitHub to indicate if a commit "broke the build".
See the documentation at [1] for explanations of the permissions
required by Travis-CI.
-kyle
[1] http://docs.travis-ci.com/user/github-oauth-scopes/
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk