- From: James Graham <jgraham@opera.com>
- Date: Thu, 11 Apr 2013 10:20:56 +0200 (CEST)
- To: Dominique Hazael-Massieux <dom@w3.org>
- cc: public-webapps-testsuite@w3.org, public-test-infra@w3.org
On Wed, 10 Apr 2013, James Graham wrote: > I don't think a manual approach is going to scale. I'm also not sure how the > github API is related to security; all the github API is needed for is to get > notifications about when there are new pull requests or when the repo is > updated. If the security concern is just PHP files mod_pup should be disabled > for the submission/ directory (or, for a more advanced solution, it should be > disabled for files that have been changed on the pull request branch). So, I hacked together the beginnings of a script to do the syncing [1]. It is mostly untested; I had the initial import working, but haven't tried the synchronisation code at all. Obviously it's rather rough, but I think the approach is basically right. Additionally, on its own it won't provide any security at all. You need to disable PHP in the apache config for the submissions/ directory or something similar. [1] https://gist.github.com/jgraham/e17edaeae1f467837f47
Received on Thursday, 11 April 2013 08:21:27 UTC