public inbox for [email protected]
From: Akshat Jaimini <[email protected]>
To: Daniel Gustafsson <[email protected]>
To: [email protected]
To: Magnus Hagander <[email protected]>
Subject: Re: Permission to allow testing harness to send error reports for pgweb directly to mailing list.
Date: Fri, 6 Oct 2023 22:42:28 +0530
Message-ID: <CAMaW3ViOZYfxYMTYVHLOZHhVejSQ-BA0_X8hAmwwAPkxuVVObg@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <CAMaW3VhRaUvSi_mR+_th7b=LQ3NZ-=Kg_aqTmAQpRXhC9zoDJg@mail.gmail.com>
<CABUevEyiDjSY3iR6V-3EWqRmpgX490uVoxKWzCFXJUD5NOUvKQ@mail.gmail.com>
<CAMaW3VgFmQH6Qz_5rE3mmGrSqNXk-0T0z_czufZOnMai2Yo61w@mail.gmail.com>
<[email protected]>
<CAMaW3VhQ-tfc6cHx=QxLgDsWHYFccZPz=JOq87frnkaANmPggw@mail.gmail.com>
<[email protected]>
> I clicked through the linked repo but I was unable to see an example
> testrun.
You can find the reports here:
https://github.com/destrex271/pgweb-testing-harness/actions/runs/6189299124
You can check the 'report', 'test-log' and 'failure_logs' artifacts, the
other ones are experimental for now.
> For tests like that we must really think about scope, limiting the report
> isn't useful if we publish the tests for anyone to run themselves and thus
> generate the report.
> Malicious actors are no doubt probing the website continuously regardless
> of this, but we don't necessarily need to do the job for them.
Oh yes, that is a valid point, I guess we might need to separate these
tests then in some private repo? I don't know if this is possible though
but we can think of some other approaches. Because if we keep those tests
publicly available that will just create more problems for us, as you
mentioned in your reply.
I'll try to find more approaches to this because the private repository
does not seem to go with the idea of open source. I might be wrong about
this, so please let me know if I am wrong.
Regards,
Akshat Jaimini
On Fri, Oct 6, 2023 at 6:09 PM Daniel Gustafsson <[email protected]> wrote:
> > On 6 Oct 2023, at 08:05, Akshat Jaimini <[email protected]> wrote:
> >
> > > Publishing this report to a website would handle that I think.
> > I had sent a proposal/tried to start a discussion for this a few days
> > earlier
>
> It would probably help if you could link to a report from a run of the test
> suite. I clicked through the linked repo but I was unable to see an example
> testrun.
>
> > > One question, would this test harness detect and report potential
> > > security issues like XSS?
> > Security related tests were not added in the GSoC timeline but we are
> > planning to add them. Maybe when we add those tests we can create a
> > separate section on the proposed website only available to some 'admins'
> > with all these sensitive reports being displayed there.
>
> For tests like that we must really think about scope, limiting the report
> isn't useful if we publish the tests for anyone to run themselves and thus
> generate the report. Malicious actors are no doubt probing the website
> continuously regardless of this, but we don't necessarily need to do the job
> for them.
>
> --
> Daniel Gustafsson