[ovirt-devel] [Important!][Action required!] CI-whitelist re-activated

Barak Korren bkorren at redhat.com
Tue Feb 21 17:53:48 UTC 2017


TL;DR: If you are a patch author, please ask your project maintainer
to have you added to the CI whitelist.

The oVirt CI system tries to be a useful and powerful tool for patch
authors and project maintainers. With the current CI-standards, power
is placed in the hands of patch authors to make the system do almost
anything.

We try to be an "open" Open-Source project, so permission is given to
anyone to open a Gerrit account and submit patches.

The above opens the door to the CI system being maliciously exploited,
so some countermeasure was needed. The builders of the CI system
foresaw this and have put in place a white-list mechanism that makes
the CI system only run jobs for patches that come from listed authors.

In recent years the CI system had been re-engineered with the push
towards the CI standards, and the whitelist mechanism was rendered
non-active.

Finally realizing the potential for harm, we acted quickly to
re-enable the whitelist mechanism. We made an effort to include
current authors and maintainers, but we do not know everyone. People
not included in the whitelist will see the following message when
submitting patches:

    To avoid overloading the infrastructure, a  whitelist for
    running gerrit triggered jobs has been set in place, if
    you feel like you should be in it, please contact infra at
    ovirt dot org

If you come across this message, please ask the project maintainer to
send a message to the infra team asking for you to added to the CI
whitelist. We'd rather not receive direct messages from individual
contributors, because we do not know everyone and cannot verify
sources.

We (the infra team) know that the current mechanism can sound
draconian and be inconvenient. But we had to put something in place
quickly. Please join the discussion at [1] to improve it.

[1]: https://ovirt-jira.atlassian.net/browse/OVIRT-1154

-- 
Barak Korren
bkorren at redhat.com
RHCE, RHCi, RHV-DevOps Team
https://ifireball.wordpress.com/


More information about the Devel mailing list