Re: Security issues when running gerrit patches on jenkins
On 08/01/2012 09:50 AM, Ewoud Kohl van Wijngaarden wrote:
On Wed, Aug 01, 2012 at 09:35:39AM -0400, Robert Middleswarth wrote:
> On 08/01/2012 09:31 AM, Eyal Edri wrote:
>> Itamar Heim wrote:
>>> wouldn't it be easier to maintain the whitelist via a git repo on
>>> gerrit?
>> you mean instead of putting it on a wiki page?
>> yes, make sense to maintain a .txt file per project with the whitelist in it.
> Actually makes a lot more since. That allows the projects the
> ability to manage there own list.
Can't we extract this from an authors file? Looking at vdsm/AUTHORS[1]
it looks fairly easy.
That would be a bad idea. All someone would need to do is
add
themselves to that list?
Another thing I can imagine is that someone is not whitelisted but
his/her patch receives recieves a +1 from a whitelisted reviewer it can
be built as well. It would be built anyway if it gets accepted and now
jenkins can give -1 if it fails unit tests. Maybe at +2, but that leaves
very little time to actually build it because often it will get merged
straight away.
That does sound useful once someone not on the white list gets a +1
it
auto test as we can assume anyone reviewing is trusted enough to not +1
a dangerous patch. Of curse this adds even more complexity in a
plug-in. Although not specific enough to make the plug-in not reusable.
[1]:
http://gerrit.ovirt.org/gitweb?p=vdsm.git;a=blob;f=AUTHORS;hb=HEAD
_______________________________________________
Infra mailing list
Infra(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/infra
--
Thanks
Robert Middleswarth
@rmiddle (twitter/IRC)