Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea. 
but you get away from the manual 'omg someone deleted X, or deployed
malicious Y to Z and I can't go back, what do I trust?'...you can dig
through git history to see what happened where

as it stands now, while I have shell access to builds I can do
whatever I want on the machine locally

if your hudson builds just checked it into git and a person (live or
replaced by a very small shell script) would be required to put the
content live and in the correct location so it would appear on
downloads.eclipse.org

unless you want to talk about git access credentials being compromised
and oh gee, lets just shut it all down and go play in our little
sandboxes

cheers,
jesse

--
jesse mcconnell
jesse.mcconnell@xxxxxxxxx



On Wed, Sep 14, 2011 at 08:00, Thomas Hallgren <thomas@xxxxxxx> wrote:
> On 2011-09-14 14:48, Jesse McConnell wrote:
>>
>> If you back the project downloads directory by git on a per project
>> basis, sort of the same way you back the web page bits by cvs, you
>> have no user shells...and you use git permissions to push and pull
>> content into the correct locations
>>
> So, you move the problem to the point where things are checked in.
> Everything must be secured before that happens.
>
> - thomas
> _______________________________________________
> cross-project-issues-dev mailing list
> cross-project-issues-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev
>

Back to the top