Hi,
Some clever folks on #rust have pointed out that there is a (somewhat)
exploitable security flaw in the way bors consumes r+ comments.
Specifically, github permits a repository owner, in some circumstances
(which we can't quite figure out) to _edit comments of other people_ on
commits in their repository.
This means that the following attack scenario would work:
DrEvil: Files a PR
Reviewer: Comments "this is awful!" on PR head-commit
DrEvil: Edits comment to "r+ p=100" and lands change
So, to work around this I'll probably teach bors to require review
comments in a different fashion, such as "r+ <sha1>" on the PR itself,
or similar. In the meantime, reviewers beware: anything you say on the
head-commit of a PR can be rewritten by the submitter into an r+, so
assume that "commenting _at all_ implies approval".
-Graydon
_______________________________________________
Rust-dev mailing list
https://mail.mozilla.org/listinfo/rust-dev
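As an added example (not bors's own code) of the workaround the mail proposes: approval is only accepted from an "r+ <sha1>" comment that names the PR's current head commit. The reviewer allow-list, the `Comment` record and the rule that an edited comment (`updated_at` differing from `created_at`, as the GitHub API reports for comments) is ignored are assumptions of this example, and the sha values are constructed.

```python
import re
from dataclasses import dataclass

# Approval must name the exact commit it approves: "r+ <40-hex sha1>",
# optionally followed by bors-style flags such as "p=100".
APPROVAL_RE = re.compile(r"^\s*r\+\s+(?P<sha>[0-9a-fA-F]{40})\b")


@dataclass
class Comment:
    author: str
    body: str
    created_at: str  # ISO-8601 timestamps, as the GitHub API returns them
    updated_at: str  # (assumed fields for this example)


def approved_sha(body):
    """Return the sha named by an 'r+ <sha1>' comment, or None for anything else."""
    m = APPROVAL_RE.match(body)
    return m.group("sha").lower() if m else None


def is_approved(pr_head_sha, comments, reviewers):
    """True only if an unedited comment by a listed reviewer approves the current head sha."""
    for c in comments:
        if c.author not in reviewers:
            continue  # only a trusted reviewer may approve
        if c.updated_at != c.created_at:
            continue  # edited after posting: the body may no longer be the reviewer's words
        sha = approved_sha(c.body)
        if sha is None:
            continue  # an ordinary comment is not an approval
        if sha == pr_head_sha.lower():
            return True  # approval is bound to exactly this commit
    return False


# Constructed scenario mirroring the mail: the reviewer's comment is later edited.
HEAD = "0123456789abcdef0123456789abcdef01234567"
REVIEWERS = {"reviewer"}
edited = Comment("reviewer", "r+ p=100", "2013-01-01T10:00:00Z", "2013-01-01T11:00:00Z")
bound = Comment("reviewer", f"r+ {HEAD} p=100", "2013-01-01T10:00:00Z", "2013-01-01T10:00:00Z")
```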