From 708f28127057d26e7000f24752dd1a111e1c1d75 Mon Sep 17 00:00:00 2001
From: Daniel Wagner-Hall <daniel@matrix.org>
Date: Thu, 10 Sep 2015 17:09:44 +0100
Subject: [PATCH] Add comments about auth

---
 scripts/speculator/main.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/scripts/speculator/main.go b/scripts/speculator/main.go
index 59047e68..22fb2ff2 100644
--- a/scripts/speculator/main.go
+++ b/scripts/speculator/main.go
@@ -123,6 +123,8 @@ func serveSpec(w http.ResponseWriter, req *http.Request) {
 		return
 	}
 
+	// We're going to run whatever Python is specified in the pull request, which
+	// may do bad things, so only trust people we trust.
 	if !allowedMembers[pr.User.Login] {
 		w.WriteHeader(403)
 		io.WriteString(w, fmt.Sprintf("%q is not a trusted pull requester", pr.User.Login))
@@ -158,6 +160,8 @@ func serveRstDiff(w http.ResponseWriter, req *http.Request) {
 		return
 	}
 
+	// We're going to run whatever Python is specified in the pull request, which
+	// may do bad things, so only trust people we trust.
 	if !allowedMembers[pr.User.Login] {
 		w.WriteHeader(403)
 		io.WriteString(w, fmt.Sprintf("%q is not a trusted pull requester", pr.User.Login))