Concerning the security of third-party buildbots
I'm concerned with the security of buildbots which are provided by third-party individuals and organisations.
- What if the buildbots would infect the builds with malware or whatever else?
- What type of security precaution is in place?
Hi,
Here is the Python buildbot security documentation: https://devguide.python.org/buildworker/#security-considerations
Victor
On Tue, Jan 28, 2020 at 08:35, A via Python-Buildbots <python-buildbots@python.org> wrote:
> I'm concerned with the security of buildbots which are provided by third-party individuals and organisations.
> - What if the buildbots would infect the builds with malware or whatever else?
> - What type of security precaution is in place?
> _______________________________________________
> Python-Buildbots mailing list -- python-buildbots@python.org
> To unsubscribe send an email to python-buildbots-leave@python.org
> https://mail.python.org/mailman3/lists/python-buildbots.python.org/
-- Night gathers, and now my watch begins. It shall not end until my death.
On Jan 28, 2020, at 02:39, Victor Stinner <vstinner@python.org> wrote:
> Here is the Python buildbot security documentation: https://devguide.python.org/buildworker/#security-considerations
> Victor
> On Tue, Jan 28, 2020 at 08:35, A via Python-Buildbots <python-buildbots@python.org> wrote:
>> I'm concerned with the security of buildbots which are provided by third-party individuals and organisations.
>> - What if the buildbots would infect the builds with malware or whatever else?
>> - What type of security precaution is in place?
Also, in case it's not obvious, the buildbots are only used for testing fixes. We do not use any of these buildbots, or systems that these buildbots run on, to produce any CPython release materials.
-- Ned Deily nad@python.org -- []
Re: your first question: a) the buildbot process does not push, and b) 3rd party people/organizations do not have push authority, so your concern is not about buildbot - but GitHub and who can push into it (regardless of whether it is part of buildbot testing or not).
As to your second question: the security in place will depend on what that party considers adequate for the task; if you find a security bug in the buildbot package - post there as an issue, better publish a pull request.
On 28/01/2020 07:40, A via Python-Buildbots wrote:
> I'm concerned with the security of buildbots which are provided by third-party individuals and organisations.
> - What if the buildbots would infect the builds with malware or whatever else?
> - What type of security precaution is in place?
Participants (4): A, Michael Felt, Ned Deily, Victor Stinner