[Python-Dev] Get a running instance of the doc for a PR.
Serhiy Storchaka
storchaka at gmail.com
Sun Nov 4 10:40:29 EST 2018
04.11.18 17:00, Julien Palard via Python-Dev пише:
> Considering feedback from Ned, what about building this as an independent service? We don't really need to interface with python.org at all, we just need some hardware, a domain, some code to interface with github API and... to start it's probably enough? It would be a usefull POC.
This will just move risks to this service.
Ned mentioned potential abuse. We will host unchecked content. Malicious
user can create a PR which replaces Python documentation with malicious
content.
The Doc/ directory includes Python scripts and Makefile which are used
for building documentation. Malicious user can use this for executing
arbitrary code on our server.
More information about the Python-Dev
mailing list