TelegramBots / Telegram.Bot

.NET Client for Telegram Bot API
https://telegrambots.github.io/book
MIT License

Disable myget package deployments for PRs #459

Closed poulad closed 6 years ago

poulad commented 7 years ago

Since anyone can make a PR from a fork, it is possible for them to include malicious code in it and make a PR to this repo. MyGet shouldn't deploy packages on PR builds.

poulad commented 7 years ago

For similar reasons, Travis-CI is configured not to run tests on PRs.

Olfi01 commented 7 years ago

But isn't the point of MyGet having the compiled code of any state readily available? It's up to the users to check whether there's malicious code in what they are using.

poulad commented 7 years ago

No! It's up to us to ensure security and accuracy of the product. If we do not do so, we lose reliability and trust of the users. However, once a PR is approved and merged into develop, the deployment occurs automatically.

Olfi01 commented 7 years ago

I'm too tired to break up the whole security hypersensibility discussion yet again... So go on, do whatever you think is best.

poulad commented 6 years ago

Fixed in https://github.com/TelegramBots/telegram.bot/commit/85e0cc146494f6318e559781f831719f1bfad0fc