Before sending my earlier too-simple response to accessing
download.eclipse.org, I checked and corrected the permissions of
It would appear that the intention to provide read access by
default is not happening in practice. It would appear that most
jobs do not comply.
I see two sets of defaults. One for anonymous and one for
authenticated users. Does "authenticated" mean logged in? Both
sets of permissions seem blank by default.
I feel that it is very important to at least allow logged-in users
to read the job config. The only security issue I can see is if some
script has a clear text password, which seems like a very
undesirable practice meriting an alternative solution, just possibly
an explicitly private config.
On 10/10/2018 11:07, Mickael Istria
By default, anonymous users have the following
So anonymous users can see build results, build artifacts
& console logs.
Ok, so that could be an issue with my specific pipeline
By default, all logged-in committers also have the
This allows them to *read* the job configuration.
Ok, good then.
Allowing non-privileged users to read the job configuration *can* be a
potential security issue.
Out of curiosity, what kind of security issue could it be?