Re: Security issues when running gerrit patches on jenkins
Am 18.07.2012 um 13:43 schrieb Mike Burns:
It's not commit access that is being discussed. We're not
giving that
away easily. Jenkins provides the ability to trigger builds/tests on
patch submission (just submission, not commit). A savvy attacker could
write a patch that could cause the tests to compromise the jenkins slave
machine. The whitelist being proposed is a whitelist for running the
build/test based on who submitted the patch.
I got that. I am saying that the way for new committers is similar to
this whitelisting pattern. Meaning that at the start their contributions
are not auto-committed. And then after some time they end up on
a whitelist (== commit access). And if they fail a few times miserably,
the commit access is revoked.
That would match the pattern of not automatically running every
submission directly on gerrit until they have proven that they
know what they are doing.
--
Reg. Adresse: Red Hat GmbH, Technopark II, Haus C,
Werner-von-Siemens-Ring 14, D-85630 Grasbrunn
Handelsregister: Amtsgericht München HRB 153243
Geschaeftsführer: Mark Hegarty, Charlie Peters, Michael Cunningham, Charles Cachera