Ouch, that is not good. Yes, I agree we should
definitely tighten things down.
For what it's worth, Hudson was set up by (Rich Gronback? Adrian
Skehill?) specifically for the Galileo build. I'm a bit out of the
loop, but it seems people are using it for much more than that.
Perhaps Rich, Adrian and/or other Hudson experts can chime in and
configure it to be more secure?
Denis
Oisin Hurley wrote:
I just received a worrying email which stated that Hudson job configurations
are editable by anyone with the correct URL for the job..
I just managed to confirm this.
When I go to build.eclipse.org/hudson, I'm asked to login with my
build infrastructure credentials. If I go direct to the job, for example
https://build.eclipse.org/hudson/job/stp.sca-tools.trunk/
then I don't have to log in at all and can muck about with the
job at will :(
I'd like to keep build control in the hands of the project leads and
designated builders only - requiring b.e.o. login would be good
enough.
Do you think we could introduce some access control on those
jobs pages?
--oh
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev
--
Denis Roy

|