
On 18.07.2012 at 13:43, Mike Burns wrote:
> It's not commit access that is being discussed. We're not giving that away easily. Jenkins provides the ability to trigger builds/tests on patch submission (just submission, not commit). A savvy attacker could write a patch that could cause the tests to compromise the Jenkins slave machine. The whitelist being proposed is a whitelist for running the build/test based on who submitted the patch.

I got that. I am saying that the way for new committers is similar to this whitelisting pattern. Meaning that at the start their contributions are not auto-committed. And then after some time they end up on a whitelist (== commit access). And if they fail a few times miserably, the commit access is revoked. That would match the pattern of not automatically running every submission directly on Gerrit until they have proven that they know what they are doing.

-- 
Registered address: Red Hat GmbH, Technopark II, Haus C, Werner-von-Siemens-Ring 14, D-85630 Grasbrunn
Commercial register: Amtsgericht München HRB 153243
Managing directors: Mark Hegarty, Charlie Peters, Michael Cunningham, Charles Cachera