Security issues when running gerrit patches on jenkins
Robert Middleswarth
robert at middleswarth.net
Wed Aug 1 13:56:44 UTC 2012
On 08/01/2012 09:50 AM, Ewoud Kohl van Wijngaarden wrote:
> On Wed, Aug 01, 2012 at 09:35:39AM -0400, Robert Middleswarth wrote:
>> On 08/01/2012 09:31 AM, Eyal Edri wrote:
>>> Itamar Heim wrote:
>>>> wouldn't it be easier to maintain the whitelist via a git repo on
>>>> gerrit?
>>> you mean instead of putting it on a wiki page?
>>> yes, makes sense to maintain a .txt file per project with the whitelist in it.
>> Actually makes a lot more sense. That allows the projects the
>> ability to manage their own list.
> Can't we extract this from an authors file? Looking at vdsm/AUTHORS[1]
> it looks fairly easy.
That would be a bad idea. All someone would need to do is add
themselves to that list?
>
> Another thing I can imagine is that someone is not whitelisted but
> his/her patch receives a +1 from a whitelisted reviewer it can
> be built as well. It would be built anyway if it gets accepted and now
> jenkins can give -1 if it fails unit tests. Maybe at +2, but that leaves
> very little time to actually build it because often it will get merged
> straight away.
That does sound useful: once someone not on the white list gets a +1 it
auto tests, as we can assume anyone reviewing is trusted enough to not +1
a dangerous patch. Of course this adds even more complexity in a
plug-in. Although not specific enough to make the plug-in not reusable.
> [1]: http://gerrit.ovirt.org/gitweb?p=vdsm.git;a=blob;f=AUTHORS;hb=HEAD
--
Thanks
Robert Middleswarth
@rmiddle (twitter/IRC)
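
The gating rule discussed in this thread (build when the change owner is on the project's whitelist file, or when a whitelisted reviewer has given +1), as an added example that is not part of the original message or of any existing plug-in. The function names, the file format, the sample addresses and the requirement that the vote apply to the patch set being built are assumptions.

```python
from dataclasses import dataclass

# Constructed sample of a per-project whitelist file (one e-mail per line).
SAMPLE_WHITELIST = """\
# CI whitelist for the example project
alice@example.org
Bob@Example.org   # mixed case on purpose
"""


def parse_whitelist(text):
    """Return the set of lower-cased e-mails, ignoring blanks and '#' comments."""
    entries = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip().lower()
        if entry:
            entries.add(entry)
    return entries


@dataclass(frozen=True)
class Vote:
    reviewer: str   # reviewer e-mail (hypothetical field names)
    score: int      # Code-Review score, e.g. -1, +1, +2
    patchset: int   # patch set the vote was cast on


def may_build(owner, current_patchset, votes, merged_whitelist_text):
    """Return (allowed, reason) for building one patch set on Jenkins.

    merged_whitelist_text must come from the already-merged branch, never
    from the change under test, or a contributor could add themselves.
    """
    trusted = parse_whitelist(merged_whitelist_text)
    if owner.strip().lower() in trusted:
        return True, "owner is whitelisted"
    for vote in votes:
        reviewer = vote.reviewer.strip().lower()
        # Only a positive vote on the patch set being built counts: a +1 on an
        # older patch set says nothing about code uploaded afterwards.
        if reviewer in trusted and vote.score >= 1 and vote.patchset == current_patchset:
            return True, "+%d from %s" % (vote.score, reviewer)
    return False, "no whitelisted owner or reviewer approval"
```
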