:: Re: [devuan-dev] scorsh, releasebot…
Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Evilham
Fecha:  
A: devuan-dev
Asunto: Re: [devuan-dev] scorsh, releasebot, and jenkins
Am 20/07/2017 um 14:15 schrieb Daniel Reurich:
> To me Scorsh is starting to sound like a security nightmare, and an
> information hog.


AFAIU, the security aspects of running code from commits are mitigated
by the fact that those are GPG signed and the GPG keys that are allowed
to do that are whitelisted (I think, if not, it probably should be like
this).

As for the "tags", it's an unfortunate name collision, you know what
they say, the two hard things in computer science are caching, naming
things, and off-by-one errors.
--
Evilham