I think the intent is just uploading the output HTML and static assets.

I agree having the temporary output of PR docs build is useful, but I don't think a python.org domain is necessary. If it can be uploaded to any cloud storage service then that's good enough, just provide the link in the status check. The output can be cleared after it receive the PR closed webhook.

On Sun, Nov 4, 2018, 7:43 AM Serhiy Storchaka <storchaka@gmail.com wrote:

04.11.18 17:00, Julien Palard via Python-Dev пише:
> Considering feedback from Ned, what about building this as an independent service? We don't really need to interface with python.org at all, we just need some hardware, a domain, some code to interface with github API and... to start it's probably enough? It would be a usefull POC.

This will just move risks to this service.

Ned mentioned potential abuse. We will host unchecked content. Malicious
user can create a PR which replaces Python documentation with malicious
content.

The Doc/ directory includes Python scripts and Makefile which are used
for building documentation. Malicious user can use this for executing
arbitrary code on our server.

_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: https://mail.python.org/mailman/options/python-dev/mariatta%40python.org