On 25.06.2013 05:17, Graydon Hoare wrote: > On 13-06-24 08:15 PM, Graydon Hoare wrote: >> On 13-06-24 07:05 PM, Daniel Micay wrote: >> >>> Also, not just the head commit because someone could reset and force >>> push. :P >> >> Bors only pays attention to comments on the head commit, and comments on >> commits adhere to that specific sha1 only. This is intentional. >> >> The part where users can edit other people's comments is .. not. > > I mean, maybe github thinks it's a great idea to edit other people's > words. Maybe it was their intent. I was not aware of this "feature" and > it works counter to the intended security design of bors. Hence this > thread.
I don't really know the existing system, but how about you change it to read comments on the pull request and not the commits? Those comments can only be edited by repo owners of the pull request target, and those people already have access to the merge button so there is very little risk for abuse I imagine. Cheers -- Jordi Boggiano @seldaek - http://nelm.io/jordi _______________________________________________ Rust-dev mailing list Rust-dev@mozilla.org https://mail.mozilla.org/listinfo/rust-dev
