Yuck, what I just said scared me. Here’s the issue, someone can sneak a change in a pom.xml file that can write anything into the nightly build area. If we don’t detect it, that’ll get copied over to our release download site as we promote the build to
milestone status and then release status.
What I can do instead is create a cron job from my account that copies the bits over from the cdt-master build. Then we won’t have the security issue. It won’t be as reliable as the job doing it, but should be pretty good. Open to other suggestions too.
Doug.
From: Doug Schaefer < dschaefer@xxxxxxx>
Date: Tuesday, November 12, 2013 at 1:48 PM
To: "CDT General developers list." < cdt-dev@xxxxxxxxxxx>
Subject: Re: [cdt-dev] Play with HIPP day
Yeah, I need to figure out how the HIPP is set up in order to properly set up the ACL. I am worried about giving HIPP write access to our downloads area as it does open a security hole, especially with the verify job. But it is pretty minimal. Got a few
things to knock off first before I get to that though.
Doug.
I think it would be nice to keep the same update site so that people using the existing update site can still get updates without having to change anything. But that's pretty minor.
Marc-Andre
On 13-11-11 10:58 AM, Doug Schaefer wrote:
Yeah, not yet. Was debating whether to do that or just let people install from the latest build artifacts in Jenkins, uh, Hudson, like we do internally here. I now archive the whole repository to make that easier.
But I’ll give it some more thought though. We may want to leverage the mirroring of the downloads site.
Doug.
Hi Doug,
I noticed there hasn't been a new build in the nightly update site for a while. I'm assuming the Hudson instance isn't set up yet to copy the artifacts to the update site? Or is there a new url for the nightly juno update site?
Thanks
Marc-Andre
Hey gang,
I’m going to spend today setting up our builds in our hudson instance. In preparation, I have disabled our builds on the main hudson instance.
Also, you’ll see I have started working on a verify job using the Gerrit plug-in for Hudson. Everytime a change request gets submitted, the job will kick off. It will add it’s vote in the Verified category. I’m doing a test build right now, but once that’s
done, I highly recommend committers push all their changes through Gerrit to make sure their change gets tested before committing.
Cheers,
Doug
_______________________________________________
cdt-dev mailing list
cdt-dev@xxxxxxxxxxxhttps://dev.eclipse.org/mailman/listinfo/cdt-dev
|