Hi, On Sat, Apr 07, 2018 at 03:45:29PM +0200, db wrote: > On 7 Apr 2018, at 14:37, Ryan Schmidt <ryandes...@macports.org> wrote: > > Only after a PR has been approved and merged to master should a > > binary be uploaded anywhere. > > That's what I meant — but reusing buildbot for testing the PRs.
Remember that Portfiles can execute arbitrary code and root access is available from Portfiles. We do not want to run arbitrary code in a PR on the same build machines we use to build packages that we will distribute to our users. A malicous attacker could modify the machines in a way that packages built after that will be miscompiled. This still leaves us with the option of just setting up a second VM next to the ones we currently use to build packages and use this machine (without resetting it) to build all PRs, but that would still give PRs the possibility to sneak in spam bots or cryptocurrency miners which we also don't want. For these resons, we want to reset the machines to a clean state before every build, which we could do with buildbot, but requires some python magic that hasn't been written yet. -- Clemens