:: Re: [devuan-dev] scorsh, releasebot…
Góra strony
Delete this message
Reply to this message
Autor: Jaromil
Data:  
Dla: devuan developers internal list
Temat: Re: [devuan-dev] scorsh, releasebot, and jenkins
On Thu, 20 Jul 2017, Evilham wrote:

> Am 20/07/2017 um 14:15 schrieb Daniel Reurich:
> > To me Scorsh is starting to sound like a security nightmare, and an
> > information hog.
>
> AFAIU, the security aspects of running code from commits are mitigated
> by the fact that those are GPG signed and the GPG keys that are allowed
> to do that are whitelisted (I think, if not, it probably should be like
> this).


yes, this is the case already


also katolas plans to save hashes of the scripts executed, locking
down their contents.

here is the repository https://github.com/dyne/scorsh

its still WIP, but soon we can start testing it for our website, so
that golinux can easily trigger the rendering of an online preview and
an update of the production site.

ciao