|Re: [eclipse.org-committers] Malicious executable content in Gerrit contributions|
On 12/10/2014 04:47 PM, Thanh Ha wrote:
Ok, so it seems like that's what we should do for verification jobs. I believe verification jobs don't need advanced permissions or access in general and are totally fine to run in a VM or a container.
However, regular jobs, such as building the latest revision, often need ability to push to download.eclipse.org so they need stronger access to download.eclipse.org. But the code built by those jobs can be trusted, as it has been written or approved by committers.
The best usage scenario would would be that the Gerrit Hudson plugin automatically wrap the job in a container/VM, so no one would have to explicitly configure that. However, I don't know how possible it is.
Back to the top