Edwin Thomson <[EMAIL PROTECTED]> writes: > zooko wrote: > >> developer submits patch -> buildbot tests it -> droundy reviews and >> commits it -> buildbot builds executables > > The danger here is that the buildbots are then open to running arbitrary > code submitted by random people without any human checking it first. > Some kind of review before you run it is a good idea.
The user manual describes how to set up procmail to auto-apply signed submissions from a whitelist of "trusted" GPG keys. We could set up that as http://darcs.net/incoming, and then have buildbots get/pull from that. Of course, that would still have the current human-before-buildbot behaviour for casual contributors. _______________________________________________ darcs-users mailing list [email protected] http://lists.osuosl.org/mailman/listinfo/darcs-users
