Re: [eclipse.org-committers] Malicious executable content in Gerrit contributions

The problem isn't Gerrit, it's the verification jobs a lot of us have set
up that run on every change request on our HIPPs. The issue is more that
the verification jobs have too many access rights. They really need to be
minimized. And the HIPP instances need to be constrained since they share
resources with each other.

Doug.

On 2014-12-10, 10:35 AM, "Mike Milinkovich" <mike.milinkovich@xxxxxxxxxxx>
wrote:

>Denis,
>
>Surely this is an issue that affects Gerrit as a whole? Have you also
>addressed this concern to their community mailing list? I would expect
>that other projects that use Gerrit (e.g. Android, OpenStack) would be
>even larger targets than Eclipse, and may have already arrived at an
>approach.
>
>On 10/12/2014 8:54 AM, Denis Roy wrote:
>> Well, the moment I've been dreading has finally come... malicious
>> virus/malware is now in our Gerrit database.