Jeff King <peff@xxxxxxxx> writes: > I think both Junio and I have access to the Travis config. Travis does > have a "this is secret" flag for setup config. But I think we'd need to > verify that running the Travis build does not leak the variable in any > other way. I am not sure if I want to "Authorize application" at the GitHub site to give Travis that broad set of permissions, though. That is why I do not "log in with GitHub" to Travis. I just logged into Travis and it seems to me that git/git is set to build branch updates (which sounds sensible) and also is set to build pull request updates. That somehow sounds like a dangerous mix with the "secret environment variables" thing, at least to me. > For instance, if it's in the environment, can I push up a branch that > does "set | grep GFW_CI_TOKEN", open a PR, and see it? I don't know the > answer.