Re: [cross-project-issues-dev] [Hudson] access to Hudson build configur

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [cross-project-issues-dev] [Hudson] access to Hudson build configurations is public

From: Oisin Hurley <oisin.hurley@xxxxxxxxx>
Date: Wed, 11 Mar 2009 15:13:40 +0000
Delivered-to: cross-project-issues-dev@xxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=k7+Ij5YeBkTmpjtTdp73RqnSjA642QVIxnLOIBQYLhJHGKKEac4uj6jeSWHkgH57gO pUYU99u5lNECJeJuoKY2fCQGsavpQk8lyhzExxI2qioA7lh1+fPdmjLLYU2cx4VLUd8r +yFe0rlRG5hBPEMhRRdvjjx0eNPGghPdQuemI=
List-archive: <https://dev.eclipse.org/mailman/private/cross-project-issues-dev>
List-help: <mailto:cross-project-issues-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev>, <mailto:cross-project-issues-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev>, <mailto:cross-project-issues-dev-request@eclipse.org?subject=unsubscribe>

> For what it's worth, Hudson was set up by (Rich Gronback? Adrian Skehill?)
> specifically for the Galileo build.  I'm a bit out of the loop, but it seems
> people are using it for much more than that.

I know - it works and we all piled on and constructed a favela out
of the available materials. Now we are demanding clean water and
sanitation ;-)

>Perhaps Rich, Adrian and/or
> other Hudson experts can chime in and configure it to be more secure?

If you try to create a new job, then you get asked to log in. If you go to
the home page, you get asked to log in. If you view a job, then hit
'configure' or 'build now' it doesn't ask you to log in. So I think we need
to start with requiring login for those capabilities (and of course things
like 'delete project', 'edit description', basically anything writable).

Maybe the most lightweight action to take now is let apache
do the securing [1]?

 --oh

[0] http://wiki.hudson-ci.org/display/HUDSON/Securing+Hudson
[1] http://wiki.hudson-ci.org/display/HUDSON/Apache+frontend+for+security

Follow-Ups:
- Re: [cross-project-issues-dev] [Hudson] access to Hudson build configurations is public
  - From: Adrian Skehill
- Re: [cross-project-issues-dev] [Hudson] access to Hudson build configurations is public
  - From: Denis Roy
- Re: [cross-project-issues-dev] [Hudson] access to Hudson build configurations is public
  - From: Markus Knauer

References:
- [cross-project-issues-dev] [Hudson] access to Hudson build configurations is public
  - From: Oisin Hurley
- Re: [cross-project-issues-dev] [Hudson] access to Hudson build configurations is public
  - From: Denis Roy

Prev by Date: Re: [cross-project-issues-dev] [Hudson] access to Hudson build configurations is public
Next by Date: Re: [cross-project-issues-dev] [Hudson] access to Hudson build configurations is public
Previous by thread: Re: [cross-project-issues-dev] [Hudson] access to Hudson build configurations is public
Next by thread: Re: [cross-project-issues-dev] [Hudson] access to Hudson build configurations is public
Index(es):
- Date
- Thread

Breadcrumbs