W3C home > Mailing lists > Public > public-webapps-testsuite@w3.org > April 2013

Re: Checkout of web-platform-tests pull request

From: James Graham <jgraham@opera.com>
Date: Thu, 11 Apr 2013 10:20:56 +0200 (CEST)
To: Dominique Hazael-Massieux <dom@w3.org>
cc: public-webapps-testsuite@w3.org, public-test-infra@w3.org
Message-ID: <alpine.DEB.2.02.1304111015590.27561@sirius>
On Wed, 10 Apr 2013, James Graham wrote:

> I don't think a manual approach is going to scale. I'm also not sure how the 
> github API is related to security; all the github API is needed for is to get 
> notifications about when there are new pull requests or when the repo is 
> updated. If the security concern is just PHP files mod_pup should be disabled 
> for the submission/ directory (or, for a more advanced solution, it should be 
> disabled for files that have been changed on the pull request branch).

So, I hacked together the beginnings of a script to do the syncing [1]. It 
is mostly untested; I had the initial import working, but haven't tried 
the synchronisation code at all. Obviously it's rather rough, but I think 
the approach is basically right. Additionally, on its own it won't provide 
any security at all. You need to disable PHP in the apache config for the 
submissions/ directory or something similar.

[1] https://gist.github.com/jgraham/e17edaeae1f467837f47
Received on Thursday, 11 April 2013 08:21:26 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:52:57 UTC