Closed poulad closed 6 years ago
For the similar reasons, Travis-CI is configured not to run tests on PRs.
But isn't the point of myget having the compiled code of any state readily available? It's up to the users to check whether there's malicious code in what they are using
No! It's up to us to ensure security and accuracy of the product. If we do not so, we loose reliability and trust of the users. However, once a PR is approved and merged into develop, the deployment occurs automatically.
I'm too tired to break up the whole security hypersensibility discussion yet again... So go on, do whatever you think is best
Since anyone can make a PR from a fork, it is possible for them to include malicious code it and make a PR to this repo. MyGet shouldn't deploy packages on PR builds