Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 595070 - gentoo-repo-qa-bot closes PRs from other repositories
Summary: gentoo-repo-qa-bot closes PRs from other repositories
Status: RESOLVED CANTFIX
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: CVS/SVN/Git (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Michał Górny
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-09-24 22:34 UTC by .
Modified: 2016-09-25 16:51 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description . 2016-09-24 22:34:30 UTC
https://github.com/gentoo/gentoo/pull/1714

As you can see, I closed the PR via a commit to my overlay.

Does gentoo-repo-qa-bot checks that I'm also the user who created the PR or is it possible to close any PR via this mechanism?
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-09-25 04:59:39 UTC
It's not in our control, it's github. I could probably work around this by having a separate account for both services but it seems a major hassle for a minor issue. Just don't commit 'Closes:' tags when you don't intend to close a PR.
Comment 2 . 2016-09-25 16:26:16 UTC
Well, it doesn't look so minor to me as someone could close all PRs to which gentoo-repo-qa-bot has commit access for fun. Having a separate account for gentoo-mirror could be the best/easiest way to go.
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-09-25 16:51:31 UTC
This only applies to repository owners. So far nobody else did that. If it becomes a common nuisance, I can reconsider. However, the effort much exceeds the gain here.

And if someone tries to abuse that, we can simply remove his repository.