forked from the-distro/ofborg
Document known vs. trusted users and their implicatinos
This commit is contained in:
parent
d6787a0923
commit
71f63ef0fd
29
README.md
29
README.md
|
@ -9,9 +9,10 @@
|
|||
|
||||
## Automatic Building
|
||||
|
||||
Users who are _trusted_ (see: ./config.public.json) or _known_ (see:
|
||||
./config.known-users.json) will have their PRs automatically trigger
|
||||
builds if their commits follow the well-defined format of Nixpkgs.
|
||||
Users who are _trusted_ or _known_ (see: Trusted Users vs Known Users)
|
||||
will have their PRs automatically trigger builds if their commits
|
||||
follow the well-defined format of Nixpkgs.
|
||||
|
||||
Example messages and the builds:
|
||||
|
||||
|Message|Automatic Build|
|
||||
|
@ -104,6 +105,28 @@ This is will build `list`, `of`, `attrs`, `looks`, `good`, `to`, `me!`:
|
|||
@grahamcofborg build list of attrs looks good to me!
|
||||
```
|
||||
|
||||
## Trusted Users vs Known Users
|
||||
|
||||
Known users have their builds executed on platforms with working
|
||||
sandboxing. At the time of writing, that means:
|
||||
|
||||
- `x86_64-linux`
|
||||
- `aarch64_linux`
|
||||
|
||||
Trusted users have their builds executed on _all_ platforms, even if
|
||||
they don't have good sandboxing. This opens the host up to a higher
|
||||
risk of security issues, so only well known, trusted member of the
|
||||
community should be added to the trusted user list.
|
||||
|
||||
At the time of writing, trusted users have their builds run on the
|
||||
following platforms:
|
||||
|
||||
- `x86_64-linux`
|
||||
- `aarch64_linux`
|
||||
- `x86_64-darwin`
|
||||
|
||||
See ./config.public.json and ./config.known-users.json for a list of
|
||||
all the trusted and known users.
|
||||
|
||||
# How does OfBorg call nix-build?
|
||||
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
[
|
||||
"bhipple",
|
||||
"dotlambda",
|
||||
"dywedir",
|
||||
"unode"
|
||||
]
|
||||
|
|
Loading…
Reference in a new issue