On Sun, 22 May 2016 at 10:12 Ralph Meijer <ral...@ik.nu> wrote: > On May 22, 2016 9:36:28 AM GMT+02:00, Glyph <gl...@twistedmatrix.com> > wrote: > >[..] > >(Please nobody try to do the clever thing where you configure buildbot > >to automatically pull all PRs, that would effectively negate any > >security protections...) > > > >I've been assuming that in the worst-case scenario, we'd do what > >Cryptography does and have a bot that polls for special comments and > >then triggers buildbot in exactly this way. Perhaps I should have made > >that assumption explicit, I thought it was ticketed somewhere in Braid > >already. > > The Jenkins plugin for GitHub PR triggers has this feature, too. However, > it also has a feature to whitelist users and GitHub teams so that > PRs/commits can trigger automatically for them. Maybe that's a thing for > us, too? >
I don't think we need a whitelist, we can just automatically build branches that are pushed to the twisted/twisted repository. If you can push a branch there, you can also push a change directly to trunk, so you can already execute arbitrary code on the buildbots.
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
