Dennis Kaarsemaker <dennis@xxxxxxxxxxxxxxx> writes:

> On zo, 2015-10-04 at 10:46 -0700, Junio C Hamano wrote:
>> One final question. Which configuration file does the CI use when
>> running a PR-initiated test? The one already in the repository,
>> i.e. the target of the proposed pull, or the one that is possibly
>> updated by the PR?
>>
>> I am wondering if that can be an avenue for a possible mischief.
>
> The latter. And it can, as it can enable notifications.

OK, so an attacker can send emails (by faking one of the repository
owner's identities on a commit, and then submitting a pull request for
this commit). But such an attacker could already send emails via GitHub
to all repository watchers (not just owners) by sending pull requests.
Or by using his mailer.

Other than that, Travis-CI uses a container-based infrastructure to
ensure clean and independent builds. So, an attacker could trigger a
build doing "rm -fr /" or whatever without impacting other builds.

--
Matthieu Moy
http://www-verimag.imag.fr/~moy/