octave-maintainers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Alternative to Source Forge for Octave Packages (Was : Re: pdepe)

From: Carlo De Falco
Subject: Re: Alternative to Source Forge for Octave Packages (Was : Re: pdepe)
Date: Tue, 31 May 2016 10:08:23 +0000 
On 31 May 2016, at 08:09, Oliver Heimlich <address@hidden> wrote:

> The security issue happens before running automatic tests (we are
> talking of BISTs?). You could do the latter with:
> 
>       pkg ("load", "packagename")
>       __run_test_suite__ ({pkg("list", "packagename"){}.dir}, {})
> 
> As you point out, this will run (unverified) code on the users machine.

My concern was actually that arbitrary code may be run on the CI server,
we could avoid it to run on users' machines by not allowing to download
package versions that do not pass all tests and making tests fail if forbidden
actions are detected when running the test suite on the CI server...

c.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]