|Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.|
On 2011-09-14 15:09, Jesse McConnell wrote:
My concern is that we must assume that Hudson is compromised. Hence, we must assume that all builds produced by Hudson are compromised. Git will make it easier to revert bad stuff, and it does bring the other advantages you mention as well. I really like git, don't get me wrong, but the fundamental security problem remains no matter what mechanism we use to transfer a build result from Hudson to the download site.unless you want to talk about git access credentials being compromised and oh gee, lets just shut it all down and go play in our little sandboxes
Either we trust Hudson, or we don't. If we do, then using ACL's like we do today is OK. If we don't, well, then a very stinky can of worms is opened. We need to either address that fully, or try and secure Hudson so that it can be trusted.
Back to the top