:: Re: [devuan-dev] scorsh, releasebot…
Top Page
Delete this message
Reply to this message
Author: Evilham
Date:  
To: devuan-dev
Subject: Re: [devuan-dev] scorsh, releasebot, and jenkins
Am 20/07/2017 um 14:15 schrieb Daniel Reurich:
> To me Scorsh is starting to sound like a security nightmare, and an
> information hog.


AFAIU, the security aspects of running code from commits are mitigated
by the fact that those are GPG signed and the GPG keys that are allowed
to do that are whitelisted (I think, if not, it probably should be like
this).

As for the "tags", it's an unfortunate name collision, you know what
they say, the two hard things in computer science are caching, naming
things, and off-by-one errors.
--
Evilham