Re: [boost] TravisCI and Coverall usage policies in Boost

18 Sep 2014

      2014-09-18 13:19 GMT+04:00 Andrey Semashev :
...
On Thu, Sep 18, 2014 at 12:38 PM, Antony Polukhin 
wrote:
...
A few things make me nervous.
First of all, TravisCI requires some access permissions to the repo. I'm
not a github expert so I'm not 100% sure that this is safe.
You mean push permissions? Hm, looks very insecure, that would be a
big concern for me, especially if it can push to boostorg repos. Why
does it need push rights?
It does not require push rights:
http://docs.travis-ci.com/user/github-oauth-scopes/

But it requires some `write:repo_hook` and `repo_deployment`. I'm not sure
what does it mean.

-- 
Best regards,
Antony Polukhin