On Jun 15, 2015 9:03 AM, "Pauli Virtanen" <pav@iki.fi> wrote:
15.06.2015, 12:00, Nathaniel Smith kirjoitti: [clip]
One thing to consider is the disadvantage from security POV: this gives full write access to the Numpy repository to that someone who is running the bot. I don't see information on who this person (or these persons) is and how access to the bot and the bot account is controlled. (Travis-CI doesn't have that AFAIK, it can only change the passed/not-passed icons.)
That's a fair point. The person running the bot is Barosl Lee (@barosl), who is also the author of the homu bot (https://github.com/barosl/homu) that the homu.io hosted service is based on. The Mozilla rust and servo teams are using this code to manage all their merges, e.g.: http://buildbot.rust-lang.org/homu/queue/rust though they are running a self hosted version, not using homu.io. If we're uncomfortable with the hosted service then hosting it ourselves wouldn't be hard -- I've actually had "set up a homu instance" as a todo item for most of a year now (check out Graydon's last comment on the lj past I linked to upthread, and who he's replying to ;-)). I literally sat down to get this done last night, got half way through, and then discovered that @barosl had finally announced their hosted service 18 hours earlier, so I figured I'd be lazy and just use that instead :-). Personally I'm not worried about the security issues -- I think the chances that @barosl is malicious are basically zero, and while every account that gets access to a repository increases the risk that someone might steal their credentials and do something naughty with them, the additional risk seems minimal to me. (Right now there are 16 accounts that have full admin access to numpy/numpy; @homu is not one of them.) But if people prefer I'm happy to self-host too. -n