[engineering.redhat.com #319333] Re: [Security] System job to deploy rpms

Red Hat Product Security secalert at redhat.com
Wed Oct 8 16:18:15 UTC 2014


On Wed Oct 08 08:35:15 2014, sbonazzo at redhat.com wrote:
> Il 08/10/2014 12:02, Ohad Basan ha scritto:
> > Hello everyone.
> >
> > I've created a small job (not yet enabled)
> > that gets an rpm and then deploys it to the static repo at
> resources.ovirt.org
> > for this I've sent this patch http://gerrit.ovirt.org/#/c/33863/
> > that will add the "resources" user. it will have permissions only
> for the static rpms directory and will scp the files to there.
> > is it acceptable by everybody security-wise?
> >
> 
> Adding security list to the loop.

Hi, thanks for this.  I'm a bit confused though.  Is this pertaining to the infrastructure for the oVirt project, or is this code going into the oVirt code itself that is then consumed by downstream users?  I only ask because of the reference to resources.ovirt.org so I'm unsure whether this is a code question or an infrastructure question.

Can you please advise?

-- 
Vincent Danen / Red Hat Product Security



More information about the Infra mailing list