On Tue, Jun 25, 2013 at 9:39 AM, Jordi Boggiano <[email protected]> wrote: > On 25.06.2013 05:17, Graydon Hoare wrote: >> On 13-06-24 08:15 PM, Graydon Hoare wrote: >>> On 13-06-24 07:05 PM, Daniel Micay wrote: >>> >>>> Also, not just the head commit because someone could reset and force >>>> push. :P >>> >>> Bors only pays attention to comments on the head commit, and comments on >>> commits adhere to that specific sha1 only. This is intentional. >>> >>> The part where users can edit other people's comments is .. not. >> >> I mean, maybe github thinks it's a great idea to edit other people's >> words. Maybe it was their intent. I was not aware of this "feature" and >> it works counter to the intended security design of bors. Hence this >> thread. > > I don't really know the existing system, but how about you change it to > read comments on the pull request and not the commits? Those comments > can only be edited by repo owners of the pull request target, and those > people already have access to the merge button so there is very little > risk for abuse I imagine. > > Cheers > > -- > Jordi Boggiano > @seldaek - http://nelm.io/jordi
They're a review of a specific commit, so they would need to refer to a hash. _______________________________________________ Rust-dev mailing list [email protected] https://mail.mozilla.org/listinfo/rust-dev
