The patchbot configuration has some options for trusting specific user accounts.
Having said that, you are correct in that it executes code submitted by strangers over the internet. At the very least make a separate user account for running the patchbot. You might want to add an additional container / vm layer. On Saturday, July 6, 2019 at 4:20:09 AM UTC-4, Jonathan Kliem wrote: > > Hi, > > I'm wondering what safety measures are taken for distributing code to the > patchbot clients. > > E.g. if I where to register a new github account and create a ticket that > uploads all files from the user to a server of my choice (maybe via a > malicous doctest), is that ticket still going to be distributed to patchbot > clients? > > I guess the underlying question is, what security measures are recommended > before running a patchbot. On https://wiki.sagemath.org/patchbot I cannot > find anything. > > Jonathan > -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. To view this discussion on the web visit https://groups.google.com/d/msgid/sage-devel/51233fce-98dc-46b9-b643-5e912a994bf0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
