CI system for PR builds

db iamsudo at gmail.com
Sun Apr 8 10:20:34 UTC 2018


On 7 Apr 2018, at 19:44, Clemens Lang <cal at macports.org> wrote:
> Remember that Portfiles can execute arbitrary code and root access is
> available from Portfiles. We do not want to run arbitrary code in a PR
> on the same build machines we use to build packages that we will
> distribute to our users. A malicous attacker could modify the machines
> in a way that packages built after that will be miscompiled.

If you review the code before, that should never be the case and it would build just once if it succeeds, right? Or am I missing something how PRs are handled?


More information about the macports-dev mailing list