larsxschneider@xxxxxxxxx writes: > In order to avoid that in the future I configured Travis CI for Git. With this > patch Travis can run all Git tests including the "git-p4" and "Git-LFS" tests. Interesting. I was wondering about the "p4" part myself. > My idea is that the owner of "https://github.com/git/git"; enables this account > for Travis (it's free!). Then we would automatically get the test state for all > official branches. The last time I heard about this "it's free" thing, I thought I heard that it wants write access to the repository. If that is still the case, the history stored in the GitHub repository the "it's free" thing has access to can become even less trustworthy than it currently is. Those who clone/fetch from it cannot be sure if the tips of branches are what I pushed there, or they were changed to a malicious replacement from sideways by the "it's free" thing, taking advantage of that write access. Granted, those who clone/fetch cannot be sure unless they trust GitHub. The only assurance they have is GitHub's word: "gitster has account with us, gitster pushes into this repository, and we have ACL to ensure that gitster is the only person that can update this repository". Allowing write-access to a third-party will break that assurance, even if you trust GitHub. Of course, this can be improved if we start using signed push into GitHub. It is a separate issue in the sense that it would help GitHub to make that assurance stronger---those who fetch/clone can be assured that the tips of branches are what I pushed, without even trusting GitHub. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html