Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] [Hudson] access to Hudson build configurations is public

Ouch, that is not good.  Yes, I agree we should definitely tighten things down.

For what it's worth, Hudson was set up by (Rich Gronback? Adrian Skehill?) specifically for the Galileo build.  I'm a bit out of the loop, but it seems people are using it for much more than that.  Perhaps Rich, Adrian and/or other Hudson experts can chime in and configure it to be more secure?


Oisin Hurley wrote:
I just received a worrying email which stated that Hudson job configurations
are editable by anyone with the correct URL for the job..

I just managed to confirm this.

When I go to, I'm asked to login with my
build infrastructure credentials. If I go direct to the job, for example

then I don't have to log in at all and can muck about with the
job at will :(

I'd like to keep build control in the hands of the project leads and
designated builders only - requiring b.e.o. login would be good

Do you think we could introduce some access control on those
jobs pages?

cross-project-issues-dev mailing list

Denis Roy
I'm going to EclipseCon 2009

Back to the top