Nathan,
I wasn’t concerned with Github per se but the CI server compiling/running
arbitrary code should some library’s repo get pwnd in some way or that a
rogue library could make it into the list of repos to build in the proposed
system. A hand curated list of repos would mitigate this last conce
If it’s run on CircleCI or Travis and has readonly access to github, I
wouldn’t be too concerned.
The most frequent downloads API in Clojars is a good idea. Could use it as
a basis for the hand rolled site for now and target it for automation in
the future. I’m wondering how amenable/suitable it w
Has anyone looked for vulnerabilities exposed by pulling random libraries
from github.com (or gitlab.com?) and building them? Macros come mind
(mined?!) Solved problem? AFAIK the Rust compiler can't run arbitrary code.
Also instead of choosing "top-N projects on Github" I would begin with the
"
Hi Alex,
I don't think it would be necessary to scrape the Jenkins server too often.
I speculate daily would be enough, hourly at most.
Cheers,
Nathan
On Sun, 29 Jul 2018 at 03:42 Alex Miller wrote:
> On contribs, I just added the emeddable build status plugin - that’s easy.
> Migrating to Tra
On contribs, I just added the emeddable build status plugin - that’s easy.
Migrating to Travis or Circle is not really a viable option based on my last
research on this. I’d be a little worried about adding a lot of traffic that
parsed the feeds. The box running Jenkins is already underpowered a
t;
>
>
> Sean Corfield -- (970) FOR-SEAN -- (904) 302-SEAN
> An Architect's View -- http://corfield.org/
>
> "If you're not annoying somebody, you're not really alive."
> -- Margaret Atwood
>
>
> *From:* clojure@googlegroups.com on behalf of
> Na
View -- http://corfield.org/
"If you're not annoying somebody, you're not really alive."
-- Margaret Atwood
From: clojure@googlegroups.com on behalf of Nathan
Fisher
Sent: Saturday, July 28, 2018 4:11:13 PM
To: clojure@googlegroups.com
Subjec
Hi Sean,
It would be great if there was a general report that we could integrate
with Lein, Boot and anything else people happen to be using.
I think for an MVP having folks update the status of their project manually
as it is verified might not be a bad first step.
To that end I've created a Gi
I suspect quite a few Travis-enabled Clojure projects do full multi-version
testing – but it’s hard to tell at a glance from Travis’s logs. For example,
both HoneySQL and clj-time perform multi-version testing on Travis, but they do
it through Leiningen aliases so there’s only one “build” – no g
