On 7 Apr 2018, at 19:44, Clemens Lang <c...@macports.org> wrote: > Remember that Portfiles can execute arbitrary code and root access is > available from Portfiles. We do not want to run arbitrary code in a PR > on the same build machines we use to build packages that we will > distribute to our users. A malicous attacker could modify the machines > in a way that packages built after that will be miscompiled.
If you review the code before, that should never be the case and it would build just once if it succeeds, right? Or am I missing something how PRs are handled?
