|Re: [eclipse.org-committers] Malicious executable content in Gerrit contributions|
The problem isn¹t Gerrit, it¹s the verification jobs a lot of us have set up that run on every change request on our HIPPs. The issue is more that the verification jobs have too much access rights. They really need to be minimized. And the HIPP instances need to be constrained since they share resources with each other. Doug. On 2014-12-10, 10:35 AM, "Mike Milinkovich" <mike.milinkovich@xxxxxxxxxxx> wrote: >Denis, > >Surely this is an issue that affects Gerrit as a whole? Have you also >addressed this concern to their community mailing list? I would expect >that other projects that use Gerrit (e.g. Android, OpenStack) would be >even larger targets that Eclipse, and may have already arrived at an >approach. > >On 10/12/2014 8:54 AM, Denis Roy wrote: >> Well, the moment I've been dreading has finally come... malicious >> virus/malware is now in our Gerrit database. >_______________________________________________ >eclipse.org-committers mailing list >eclipse.org-committers@xxxxxxxxxxx >https://dev.eclipse.org/mailman/listinfo/eclipse.org-committers > >IMPORTANT: Membership in this list is generated by processes internal to >the Eclipse Foundation. To be permanently removed from this list, you >must contact emo@xxxxxxxxxxx to request removal.
Back to the top