Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.

On 2011-09-14 15:09, Jesse McConnell wrote:
unless you want to talk about git access credentials being compromised
and oh gee, lets just shut it all down and go play in our little

My concern is that we must assume that Hudson is compromised. Hence, we must assume that all builds produced by Hudson are compromised. Git will make it easier to revert bad stuff, and it does bring the other advantages you mention as well. I really like git, don't get me wrong, but the fundamental security problem remains no matter what mechanism we use to transfer a build result from Hudson to the download site.

Either we trust Hudson, or we don't. If we do, then using ACL's like we do today is OK. If we don't, well, then a very stinky can of worms is opened. We need to either address that fully, or try and secure Hudson so that it can be trusted.

- thomas

Back to the top