Re: [eclipse.org-committers] Malicious executable content in Gerrit contributions
On 12/10/2014 03:18 PM, Mikaël Barbero wrote:
Contributing a change in a pom file that invokes "rm -rf downloads/yourProject" would end in an even bigger regression ;)
Having to manually promote the latest snapshot build because of low permissions on hudson.eclipse.org is also another possible regression.
Could Docker help there? Let's say by making the Gerrit triggers run in a Docker container which can be destroyed safely? Is such a container approach even really safe?
GitHub Pull Request Builder Plugin ( https://wiki.jenkins-ci.org/display/JENKINS/GitHub+pull+request+builder+plugin ) requires a trusted person of the project to manually approve the build of the incoming change. The process is that before kicking a build.