XSF Discussion - 2021-09-14

  1. Bung

    😊

  2. Ge0rG

    Do we have secrets on Travis? https://travis-ci.community/t/security-bulletin/12081

  3. jonas’

    news at 11

  4. moparisthebest

    good thing they totally killed travis-ci for most projects a few months ago or that could have been bad

  5. jonas’

    why is everyone surprised about this?

  6. jonas’

    that's exactly how CI tools work

  7. jonas’

    either you leak secrets to PRs, or you get no meaningful CI?

  8. Zash

    Hadn't everyone already moved towards the later?

  9. moparisthebest

    damn this isn't good https://mobile.twitter.com/peter_szilagyi/status/1437646118700175360

  10. moparisthebest

    jonas’, no it's meant to not leak secrets, because building/checking doesn't need secrets, but deploying master or whatever does

  11. jonas’

    depends

  12. jonas’

    my test workflows sometimes require secrets

  13. jonas’

    if they talk to some IaaS for instance.

  14. moparisthebest

    this is the only thing I can find on it at the moment https://github.com/travis-ci/travis-ci/issues/10117

  15. moparisthebest

    but it never shared secrets with PRs from other repositories as far as I know