[Twisted-Python] overview: new review queue venue

Glyph glyph at twistedmatrix.com
Sun May 22 01:22:21 MDT 2016


> On May 22, 2016, at 12:15 AM, Hynek Schlawack <hs at ox.cx> wrote:
> 
> Ah finally a fine bike shedding thread that gets everyone involved. ;)
> 
>> Right now, we need to manually vet each change before sending it to buildbots, because they are shared mutable environments that we can't afford to have running untrusted code automatically.  If we could switch to Travis and Appveyor, then we could let them worry about malicious code, which would allow contributors to get instant feedback, rather than waiting for reviewers to manually run the builders.
> 
> I have two points to add:
> 
> 1. Appveyor is terribly slow and sometimes a bit flaky.  I use it for argon2_cffi’s wheels and it drives me bonkers.  It should never become an essential part of anything.  As a first line of defense it’s fine of course.

This is a very useful data point.  I do not have any concrete experience with it and I was kind of wondering about this.

> 2. PyCA has a workflow for Jenkins & GitHub by telling a bot to vet changes.  You can see it here in action: https://github.com/pyca/cryptography/pull/2914#issuecomment-220592167 AFAIK that’s been mostly Paul’s work.  Aren’t you kind of his boss or something *hint hint*? ;)

Thanks for the promotion; I'll be sure to let him know on Monday.

However, it's because I know Paul and I know what a complete nightmare it is to set up and maintain infrastructure like that that I was hoping to cheat and get away with it.  But what I'm hearing from you in this thread is pretty compelling to me that we are going to need to follow a mostly Cryptography-like workflow after all, asking a bot to run some buildbots.

-glyph



More information about the Twisted-Python mailing list