Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.

What kind of manual validation do you do to make sure files produced by
Hudson have not been maliciously modified by somebody who gained control
over the Hudson instance (assuming you use Hudson to produce
milestone/release builds)?


On 11-09-14 4:31 AM, Gunnar Wagenknecht wrote:
> On 14.09.2011 09:46, Thomas Hallgren wrote:
>> I have no idea how I should write a cron-job that would detect malicious code cleverly hidden in a Hudson
>> build result. Do you? Does anyone?
>
> No, I don't. But I know when I prepare a release and need to run the sync
> manually. Manual processes are error prone. But they allow me to perform
> the validation which sort of works for now.

