From: DJ Delorie <dj@redhat.com>
To: "Carlos O'Donell" <carlos@redhat.com>
Cc: siddhesh@gotplt.org, libc-alpha@sourceware.org
Subject: Re: Run TryBot-apply_patch on the full queue?
Date: Tue, 20 Sep 2022 10:26:42 -0400 [thread overview]
Message-ID: <xnwn9yyvdp.fsf@greed.delorie.com> (raw)
In-Reply-To: <YymUHYNQ/p11btQU@fedora>
"Carlos O'Donell" <carlos@redhat.com> writes:
> My only concern had been "how do you authenticate this?"
>
> However, after having slept a full night I realized that we need signed
> emails, so the curator already needs to validate signatures.
>
> The "injection" API could take signed messages too?
Any authentication needs to happen before the request is sent to the
trybot. In our current scheme, it's the curator's job. If you write
your own patchwork bot, it will be up to you to figure out what/if
you're going to authenticate.
I'll note that authentication isn't really required just to see if a
patch *applies* though. It's a build that's a security issue.
> Yes. We should just accept a "signed message" API?
The trybot API is not public. It trusts the runner to manage
authorizations. Curator authenticates, runner authorizes, trybot does[*].
> That would reuse all the same infrastructure we have for signed emails?
Once we have that, sure, we can share bits of code between the curator
and other patchbots. However, once we have that, we might not *need* to
share that between patchbots, because the curator would handle those
cases for us.
But signed emails won't solve Siddhesh's request of retrying every
pending patch every day, because they won't be signed.
[*] because, as we all know; do or do not, there is no try.
next prev parent reply other threads:[~2022-09-20 14:26 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-19 13:31 Siddhesh Poyarekar
2022-09-19 13:38 ` Siddhesh Poyarekar
2022-09-19 16:49 ` DJ Delorie
2022-09-19 19:46 ` Carlos O'Donell
2022-09-19 19:55 ` DJ Delorie
2022-09-20 10:21 ` Carlos O'Donell
2022-09-20 14:26 ` DJ Delorie [this message]
2022-09-20 14:39 ` Siddhesh Poyarekar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xnwn9yyvdp.fsf@greed.delorie.com \
--to=dj@redhat.com \
--cc=carlos@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=siddhesh@gotplt.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).