Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 595070

Summary: gentoo-repo-qa-bot closes PRs from other repositories
Product: Gentoo Infrastructure Reporter: . <dev.rindeal+gentoo>
Component: GitAssignee: Michał Górny <mgorny>
Status: RESOLVED CANTFIX    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description . 2016-09-24 22:34:30 UTC 
https://github.com/gentoo/gentoo/pull/1714

As you can see, I closed the PR via a commit to my overlay.

Does gentoo-repo-qa-bot checks that I'm also the user who created the PR or is it possible to close any PR via this mechanism?
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-09-25 04:59:39 UTC 
It's not in our control, it's github. I could probably work around this by having a separate account for both services but it seems a major hassle for a minor issue. Just don't commit 'Closes:' tags when you don't intend to close a PR.
Comment 2 . 2016-09-25 16:26:16 UTC 
Well, it doesn't look so minor to me as someone could close all PRs to which gentoo-repo-qa-bot has commit access for fun. Having a separate account for gentoo-mirror could be the best/easiest way to go.
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-09-25 16:51:31 UTC 
This only applies to repository owners. So far nobody else did that. If it becomes a common nuisance, I can reconsider. However, the effort much exceeds the gain here.

And if someone tries to abuse that, we can simply remove his repository.