@driazati @leandron,

I think this proposal will benefit all the work that requires updates to dependencies.

@masahi @Leo-arm @elenkalda-arm I would suggest let's scope the scripts that are relevant to this proposal (as it seems there are already other places the attackers could exploit anyway). Isn't it just build.sh that we need to check out from the main?

> make sure scripts run outside of docker are checked out from the target
> branch and not the PR branch for forked PRs (similar to how we manage the
> `Jenkinsfile` now).

I think this approach should address the concern.

@driazati I can understand not being able to test things out in the upstream CI; however, how much of a concern is that related to the scripts in question (I'm thinking it is just build.sh, but maybe I am wrong) here?

> We could take this further and only rebuild docker images on branches, which
> would still make testing / updating easier without the risks.

I am not sure I follow this proposal. Can you elaborate?

cc: @areusch

---

[Visit Topic](https://discuss.tvm.apache.org/t/rfc-rebuild-docker-images-per-commit/12047/5) to respond.