Re: [boost] TravisCI and Coverall usage policies in Boost

On Thu, Sep 18, 2014 at 2:42 AM, Antony Polukhin wrote:

2014-09-18 13:19 GMT+04:00 Andrey Semashev :

...

On Thu, Sep 18, 2014 at 12:38 PM, Antony Polukhin wrote:

...

A few things make me nervous.

First of all, TravisCI requires some access permissions to the repo. I'm not a github expert so I'm not 100% sure that this is safe.

You mean push permissions? Hm, looks very insecure, that would be a big concern for me, especially if it can push to boostorg repos. Why does it need push rights?

It does not require push rights: http://docs.travis-ci.com/user/github-oauth-scopes/

But it requires some `write:repo_hook` and `repo_deployment`. I'm not sure what does it mean.

Correct, Travis-CI does not require write access to the git repo and will never push or modify commits. The hooks enable GitHub to notify Travis-CI when a pull-request is made so that Travis-CI can start a built automatically and also allow it to update the commit status on GitHub to indicate if a commit "broke the build". See the documentation at [1] for explanations of the permissions required by Travis-CI. -kyle [1] http://docs.travis-ci.com/user/github-oauth-scopes/