[Buildbot] #3459: publish built on Travis docs for each pull request
Buildbot trac
trac at buildbot.net
Sun Feb 21 17:31:51 UTC 2016
#3459: publish built on Travis docs for each pull request
-------------------+--------------------
Reporter: rutsky | Owner:
Type: task | Status: new
Priority: major | Milestone: 0.9.+
Version: | Resolution:
Keywords: |
-------------------+--------------------
Comment (by rutsky):
I think not working artifacts in PR is a security feature: looks like
private environment variables like `ARTIFACTS_SECRET` are actual
environment variables during all steps that run inside Travis VM, so
malicious can add step like `echo $ARTIFACTS_SECRET` in his PR to steal
credentials.
Looks like !AppVeyor allows artifacts upload for pull requests:
http://help.appveyor.com/discussions/problems/2646-pull-requests-always-
create-artifacts-potentially-letting-users-download-malicious-code
but they don't decrypt secret env. variables in PRs, so there is no way to
use it in PRs without exposing credentials.
--
Ticket URL: <http://trac.buildbot.net/ticket/3459#comment:6>
Buildbot <http://buildbot.net/>
Buildbot: build/test automation
More information about the bugs
mailing list