I think every advance that closes the gap between the Docker images being updated and the PRs is much welcome.
One of the reasons it is not _live_ as it would seem logical to be, is because of security reasons (based on a chat long ago with @tqchen). We can't blindly run a docker rebuild for any PR, because that opens the door for random people to run arbitrary commands on our Jenkins nodes, just by submitting a PR with changes to our shell scripts e.g. `build.sh` or `bash.sh`, which would run outside a container. Does the proposed change here address this fundamental issue of the way our CI is organised? --- [Visit Topic](https://discuss.tvm.apache.org/t/rfc-rebuild-docker-images-per-commit/12047/3) to respond. You are receiving this because you enabled mailing list mode. To unsubscribe from these emails, [click here](https://discuss.tvm.apache.org/email/unsubscribe/4256c6b30abef0f2924c8749ba364654732d2cef5f62fa4c8529d7bda08dd842).
