
On 07/18/2012 04:05 AM, Eyal Edri wrote:
> Hi,
> Following last infra meeting, I want to open for discussion the security issues that may arise if we allow Jenkins to run jobs (i.e. any code) with every gerrit patch.
> - white-listing authors (published on ovirt.org?) ...

I think the consensus we are leaning toward is this:

* Use a whitelist to identify who can have Jenkins jobs triggered when a patch hits Gerrit.
* Keep the whitelist on the wiki, so it's clear who has access, and the list can be used by all Jenkins hosts.
* Current whitelist is built from current committers (from git log).
** compare the whitelist with the current GERRIT_AUTHOR or similar value.

Do we want to build in the ability to check a blacklist, too? Or just use "absence from whitelist"?

For example, is there going to be a desire to have someone not be able to automatically run a test on certain parts of the code, but yes on others?

- Karsten
-- 
Karsten 'quaid' Wade, Sr. Analyst - Community Growth
http://TheOpenSourceWay.org .^\ http://community.redhat.com
@quaid (identi.ca/twitter/IRC) \v' gpg: AD0E0C41
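
An added example, not part of the original message: one way to do the whitelist comparison proposed above as a Jenkins shell step that fails closed. It assumes the wiki list has been exported to a local file with one e-mail per line and uses the Gerrit Trigger plugin's GERRIT_PATCHSET_UPLOADER_EMAIL as the "similar value"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the oVirt project's script): whitelist gate for a
# Gerrit-triggered Jenkins job. Assumption: whitelist file = one e-mail per line.

# build_whitelist REPO_DIR: committer e-mails from git history, lowercased and
# de-duplicated (the "built from current committers (from git log)" step).
build_whitelist() {
    git -C "$1" log --format='%ce' | tr '[:upper:]' '[:lower:]' | sort -u
}

# is_whitelisted EMAIL FILE: returns 0 only on an exact, whole-line match.
is_whitelisted() {
    email=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    # Fail closed: an empty identity or an unreadable list never allows a build.
    [ -n "$email" ] || return 1
    [ -r "$2" ] || return 1
    # -F: the e-mail is a literal string, so a value such as ".*" is not a pattern.
    # -x: the whole line must match, so a partial value such as "alice" is rejected.
    grep -Fxq -- "$email" "$2"
}

# gate FILE: decide on the identity Gerrit authenticated (the patchset
# uploader) rather than the author field in the commit, which the submitter sets.
gate() {
    if is_whitelisted "${GERRIT_PATCHSET_UPLOADER_EMAIL:-}" "$1"; then
        echo "uploader is whitelisted: build may run"
        return 0
    fi
    echo "uploader not on whitelist: skipping build" >&2
    return 1
}
```

In a job, `gate /path/to/whitelist.txt || exit 0` as the first build step skips everything after it for non-whitelisted uploaders.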