|Re: [eclipse.org-committers] Malicious executable content in Gerrit contributions|
On Wed, Dec 10, 2014 at 7:35 AM, Mike Milinkovich <mike.milinkovich@xxxxxxxxxxx> wrote:Denis,
Surely this is an issue that affects Gerrit as a whole? Have you also addressed this concern to their community mailing list? I would expect that other projects that use Gerrit (e.g. Android, OpenStack) would be even larger targets that Eclipse, and may have already arrived at an approach.Android certainly has. Android runs each change in its own, brand new, network isolated virtual machine. The system is built on top of Google Compute Engine to spin-up and tear-down new VMs rapidly.I don't know what OpenStack does.