[GSoC] Progress Report

Zero King l2dy at macports.org
Mon Jun 5 01:17:31 UTC 2017

On Sun, Jun 04, 2017 at 10:23:52PM +0200, Mojca Miklavec wrote:
>Dear Zero King,
>Thank you very much for the update.
>There's one thing I didn't fully understand:
>> "This design is aimed for traceability, we can find the exact GitHub user who submitted a malicious PR."
>I understand that you can neither trust the author's nor committer's
>email from the git commit history, but doesn't GitHub provide
>reliable information about who submitted the pull request? Of course
>one can have a stolen identity (username/password or key), but I
>probably don't understand at which point you wanted to identify the
>user submitting a PR. Or did you want to identify the user trying to chat
>with the bots?

All information the CI bot has access to is public, so I'm worried that
someone would send the PR bot data without submitting a PR at all.

>You asked about extraction of list of ports which is currently a combination of
>    https://github.com/macports/macports-infrastructure/blob/f79cc559611e5f42dd26808f38cd0750beee12bf/buildbot/master.cfg#L32
>and list-subports in mpbb. I guess the first function could be
>implemented in mpbb instead. And maybe mpbb could get some more
>branching (if-else statements) depending on whether it runs for
>"production" (buildbot) or "testing" (Travis). Or maybe some
>functionality from mpbb could even move to the MacPorts core.

mpbb has a dependency on getopt, so it's not ideal for Travis since
there's a time limit for each build and I'd like to save more time for
actually testing ports.

Best regards,
Zero King

Don't trust the From address.
