[rust-dev] Rust-ci updates (project categories and documentation)

Kang Seonghoon someone at mearie.org
Tue Jan 21 01:18:39 PST 2014


Great! I really appreciate a new project listing. Maybe you should
emphasize that you need to run `rustdoc` yourself to get the generated
docs uploaded to the server ;)

I have a question, or rather, a possible security issue with the
artifact uploading though, especially given the following script
template:

https://github.com/hansjorg/rust-ci/blob/master/tpt/ppatrigger/templates/ppatrigger/put_artifacts_script.txt

I'm not sure how you are using S3, but unless you give temporary
credentials to every project and set the bucket policy to ensure the
quota, malicious owners can do hairy things (exceeding quotas at the
least). I think per-upload signed policy [1] will work in this case,
though I'm not sure there is a CLI command for that. Not to mention
that the current script can upload anything, but I assume that you are
already taking that risk (or somehow have mitigated it).

[1] http://stackoverflow.com/a/5349530

2014/1/21 Hans Jørgen Hoel <hansjorg at gmail.com>:
> Hi,
>
> Rust-ci (http://www.rust-ci.org/) has been updated with some new features
>
> * documentation can be uploaded during Travis CI builds (see project
> page -> owner actions -> get config for docs upload)
> * categorization of projects
> * projects can now be edited and deleted by owners (aka Web 2.0 compliance)
>
> For a view of projects by category see:
>
> http://www.rust-ci.org/projects/
>
> I've added likely categories to projects based on name and
> description, but I've probably missed a few so please take a look at
> your own project (owner actions -> edit project to change).
>
> Categories are fixed for now. Give me a ping if you want to have a
> category added or changed.
>
> Projects on the frontpage with a padlock in the status column are
> missing Travis CI authentication due to an earlier bug. To fix this,
> go to the project page and select Authenticate.
>
> If you encounter any other issues, please report it here:
>
> https://github.com/hansjorg/rust-ci
>
> Next up:
>
> * benchmarks upload (and graphing)
>
> cheers,
>
> Hans Jørgen
> _______________________________________________
> Rust-dev mailing list
> Rust-dev at mozilla.org
> https://mail.mozilla.org/listinfo/rust-dev



-- 
-- Kang Seonghoon | Software Engineer, iPlateia Inc. | http://mearie.org/
-- Opinions expressed in this email do not necessarily represent the
views of my employer.
--


More information about the Rust-dev mailing list