
On Wed, 2012-07-18 at 13:34 -0400, Heiko W.Rupp wrote:
Am 18.07.2012 um 13:00 schrieb Robert Middleswarth:
I need trust to be earned so I +1 on whitelist. With that said I think getting on the whitelist should be pretty easy.
Isn't that what you usually do on projects - have the first few commits not directly go to master but being reviewed by an existing committer and then giving full commit access to a new user? So I think that fits in and fits with what new committers are used to. Many of them actually would be scared if they got commit access from day 1.
It's not commit access that is being discussed. We're not giving that away easily. Jenkins provides the ability to trigger builds/tests on patch submission (just submission, not commit). A savvy attacker could write a patch that could cause the tests to compromise the jenkins slave machine. The whitelist being proposed is a whitelist for running the build/test based on who submitted the patch. Mike
Heiko
_______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra