Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.

well if you really want to push the issue then we can approach the
topic I raised in
where we start having signing parties at eclipsecon and build a web of
trust of peoples pgp keys with the eclipse master key

then we are responsible for signing our own stuff and handle security
ourselves instead of trusting hudson to it

that coupled with git would largely resolve the issue


jesse mcconnell

On Wed, Sep 14, 2011 at 08:16, Thomas Hallgren <thomas@xxxxxxx> wrote:
> On 2011-09-14 15:09, Jesse McConnell wrote:
>> unless you want to talk about git access credentials being compromised
>> and oh gee, lets just shut it all down and go play in our little
>> sandboxes
> My concern is that we must assume that Hudson is compromised. Hence, we must
> assume that all builds produced by Hudson are compromised. Git will make it
> easier to revert bad stuff, and it does bring the other advantages you
> mention as well. I really like git, don't get me wrong, but the fundamental
> security problem remains no matter what mechanism we use to transfer a build
> result from Hudson to the download site.
> Either we trust Hudson, or we don't. If we do, then using ACL's like we do
> today is OK. If we don't, well, then a very stinky can of worms is opened.
> We need to either address that fully, or try and secure Hudson so that it
> can be trusted.
> - thomas
> _______________________________________________
> cross-project-issues-dev mailing list
> cross-project-issues-dev@xxxxxxxxxxx

Back to the top