Nathan,
I wasn’t concerned with Github per se but the CI server compiling/running
arbitrary code should some library’s repo get pwnd in some way or that a
rogue library could make it into the list of repos to build in the proposed
system. A hand curated list of repos would mitigate this last conce
If it’s run on CircleCI or Travis and has readonly access to github, I
wouldn’t be too concerned.
The most frequent downloads API in Clojars is a good idea. Could use it as
a basis for the hand rolled site for now and target it for automation in
the future. I’m wondering how amenable/suitable it w
Has anyone looked for vulnerabilities exposed by pulling random libraries
from github.com (or gitlab.com?) and building them? Macros come mind
(mined?!) Solved problem? AFAIK the Rust compiler can't run arbitrary code.
Also instead of choosing "top-N projects on Github" I would begin with the
"
Hi Alex,
I don't think it would be necessary to scrape the Jenkins server too often.
I speculate daily would be enough, hourly at most.
Cheers,
Nathan
On Sun, 29 Jul 2018 at 03:42 Alex Miller wrote:
> On contribs, I just added the emeddable build status plugin - that’s easy.
> Migrating to Tra
On contribs, I just added the emeddable build status plugin - that’s easy.
Migrating to Travis or Circle is not really a viable option based on my last
research on this. I’d be a little worried about adding a lot of traffic that
parsed the feeds. The box running Jenkins is already underpowered a
t;
>
>
> Sean Corfield -- (970) FOR-SEAN -- (904) 302-SEAN
> An Architect's View -- http://corfield.org/
>
> "If you're not annoying somebody, you're not really alive."
> -- Margaret Atwood
>
>
> *From:* clojure@googlegroups.com on behalf of
> Na
View -- http://corfield.org/
"If you're not annoying somebody, you're not really alive."
-- Margaret Atwood
From: clojure@googlegroups.com on behalf of Nathan
Fisher
Sent: Saturday, July 28, 2018 4:11:13 PM
To: clojure@googlegroups.com
Subjec
clojure@googlegroups.com on behalf of
> Nathan Fisher
> *Sent:* Friday, July 27, 2018 4:11:05 PM
> *To:* clojure@googlegroups.com
> *Subject:* Rusts Upgrades
>
> Hi Folks,
>
> Reading up the recent blog post “What is Rust 2018” and happened upon this;
>
> “We put in a
"
-- Margaret Atwood
From: clojure@googlegroups.com on behalf of Nathan
Fisher
Sent: Friday, July 27, 2018 4:11:05 PM
To: clojure@googlegroups.com
Subject: Rusts Upgrades
Hi Folks,
Reading up the recent blog post “What is Rust 2018” and happened upon this;
“We put
Sounds great! mfikes canary build for ClojureScript is similar. I do more
targeted versions of this manually for certain kinds of changes. I don’t
personally have time right now to build this but would love to have it.
--
You received this message because you are subscribed to the Google
Groups
Hi Folks,
Reading up the recent blog post “What is Rust 2018” and happened upon this;
“We put in a lot of work to make upgrades painless; for example, we run a
tool (called “crater”) before each Rust release that downloads every
package on crates.io and attempts to build their code and run their
11 matches
Mail list logo
