On 07/18/2012 04:05 AM, Eyal Edri wrote:
> Hi,
> Following last infra meeting, I want to open for discussion the
> security issues that may arise if we allow Jenkins to run jobs (i.e.
> any code) with every Gerrit patch.
> - white-listing authors (published on ovirt.org?) ...
I think the consensus we are leaning toward is this:
* Use a whitelist to identify who can have Jenkins jobs triggered when
a patch hits Gerrit.
* Keep the whitelist on the wiki, so it's clear who has access, and
the list can be used by all Jenkins hosts.
* Current whitelist is built from current committers (from git log).
** compare the whitelist with the current GERRIT_AUTHOR or similar value.
Do we want to build in the ability to check a blacklist, too? Or just
use "absence from whitelist"?
For example, is there going to be a desire to have someone not be able
to automatically run a test on certain parts of the code, but yes on
others?
- Karsten
--
Karsten 'quaid' Wade, Sr. Analyst - Community Growth
http://TheOpenSourceWay.org .^\
http://community.redhat.com
@quaid (identi.ca/twitter/IRC) \v' gpg: AD0E0C41
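
The whitelist comparison proposed above, as an added example that is not part of the original message or of oVirt's Jenkins configuration: a shell gate that a Jenkins build step could call before running any patch code. The whitelist file format, the function names and the sample addresses are assumptions.

```shell
#!/bin/sh
# Whitelist gate for a Gerrit-triggered Jenkins job (added example).
# Assumed: the wiki list is exported to a file, one e-mail per line, '#'
# comments allowed. An initial list could come from the committers in
# history, e.g.:  git log --format='%ae' | sort -u

# Constructed sample data, standing in for the exported wiki list.
write_sample_whitelist() {
    cat > "$1" <<'EOF'
# Jenkins trigger whitelist (constructed sample)
alice@example.org
Bob@Example.org   # mixed case on purpose
EOF
}

# Lower-case each line and trim whitespace and CRs (reads stdin).
normalize() {
    tr -d '\r' | tr '[:upper:]' '[:lower:]' \
        | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# is_whitelisted ADDRESS FILE -> 0 only on an exact whole-line match.
# Fails closed: empty or multi-line input, or an unreadable file, is denied.
is_whitelisted() {
    nl='
'
    # grep treats a multi-line pattern as a list of alternatives, so reject it.
    case $1 in *"$nl"*) return 1 ;; esac
    addr=$(printf '%s\n' "$1" | normalize)
    [ -n "$addr" ] || return 1
    [ -r "$2" ] || return 1
    # -x -F: fixed string, whole line; no regex or substring matches.
    sed -e 's/#.*//' "$2" | normalize | grep -q -x -F -e "$addr"
}

# gate ADDRESS FILE -> prints the decision; non-zero status skips the build.
# In the job, ADDRESS is whatever identity the trigger exposes (the thread's
# "GERRIT_AUTHOR or similar value"). Prefer the account that uploaded the
# patch set over the commit's author field, which the client sets freely.
gate() {
    if is_whitelisted "$1" "$2"; then
        echo "ALLOW: $1"
    else
        echo "DENY: $1 is not on the whitelist"
        return 1
    fi
}
```
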