Security issues when running gerrit patches on jenkins

[Eyal Edri]

Hi,

Following last infra meeting, i want to open for discussion the security issues that may arise if we allow Jenkins
to run jobs (i.e any code) with every gerrit patch.

The problem:

In theory, any user that is registered to gerrit might send a patch to any ovirt project.
That code might contain malicious code, malware, harmfull or just not-related ovirt code that he wants to use our resources for it.
Even though we use limited sudo on hosts, we can't be sure an exploit will be used against one of the jenkins slaves. 


The proposed solutions:

- black-listing authors (published on ovirt.org?)
- white-listing authors (published on ovirt.org?)
- auto approve patch via comparing to lastest commits 
  - check if author recent patches were approved in the past? 

adding dan since he raised this issue when we wanted to add vdsm gerrit tests.
 
thoughts?

Eyal.