On 18 Sep 2014 at 12:38, Antony Polukhin wrote:
A few things make me nervous.
First of all, TravisCI requires some access permissions to the repo. I'm not a github expert so I'm not 100% sure that this is safe.
Meh. If it were subversion, fair enough, but you can't delete stuff from git without it breaking all pushes and pulls to git. In other words, we'd notice, and every clone is also a backup. Travis could push botnet code into unit tests so CIs around the world execute it I suppose. I have my Jenkins CI configured with a level of paranoia verging on the extreme (no visibility of local machines or network, network is completely held separate - all Windows CI processes run at User perms, not Administrator), but that still allows a bot net.
Second one, is that there is no policy in Boost about usage of foreign services like TravisCI and Coveralls.
The questions.
Is is OK to commit to Boost repos .travis.yml files without enabling TravisCI runs?
Yes.
Do we need a license note in .travis.yml file?
Yes.
Can we enable automated testing using TravisCI for a Boost repo?
Yes. In fact it should be mandatory for all Boost libraries.
Can we enable automated tests coverage using Coverall for a Boost repo?
Yes. This should also be mandatory for all Boost libraries. It's free, nobody has an excuse. We should really add a Boost wiki page on setting this stuff up, and strongly hint at it being nearly a requirement on the community review page for new libraries. I can help write this if you'd like to start it Antony? Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/