On Wed, 10 Apr 2013, James Graham wrote: > I don't think a manual approach is going to scale. I'm also not sure how the > github API is related to security; all the github API is needed for is to get > notifications about when there are new pull requests or when the repo is > updated. If the security concern is just PHP files mod_pup should be disabled > for the submission/ directory (or, for a more advanced solution, it should be > disabled for files that have been changed on the pull request branch). So, I hacked together the beginnings of a script to do the syncing [1]. It is mostly untested; I had the initial import working, but haven't tried the synchronisation code at all. Obviously it's rather rough, but I think the approach is basically right. Additionally, on its own it won't provide any security at all. You need to disable PHP in the apache config for the submissions/ directory or something similar. [1] https://gist.github.com/jgraham/e17edaeae1f467837f47Received on Thursday, 11 April 2013 08:21:27 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:34:08 UTC