Re: [cross-project-issues-dev] Hudson upgrade

["Matthew Ward(Esq.)" <matt.ward@xxxxxxxxxxx>]

Hi,

 David you make an excellent point.  I've filed bug 
334789(https://bugs.eclipse.org/bugs/show_bug.cgi?id=334789) to track this.

The main fix is in 1.383, but they've done some work on the ssh and scm 
plugins in 1.386 which would be nice to get as well.  In the end I 
suggest 1.389 as that was the recommended update for our sandbox.

-Matt.

David M Williams wrote:
> I think that old issue was captured in bug 326366 
> <https://bugs.eclipse.org/bugs/show_bug.cgi?id=326366>.
>
> I'm fine with the Monday time ... and "privilege escalation risks" 
> sounds like a security concern ... so seems pretty important (if not 
> urgent?)
>
> And maybe it has been, and I just missed it, and not documented in 
> mailing list post, but I would suggest when an upgrade is desired or 
> happening that it be documented in a bugzilla, where pros, cons, 
> rationale, etc., can be discussed and documented. This especially 
> helps if subsequent problems are encountered, roll-back required, etc. 
> Or if we need to remind ourselves several months later why we upgraded 
> :) Just easier to find than if on mailing list only (at least to me).
>
> I do recall, and see in that old bug 326366, that getting the very 
> latest weekly build is a bit risky ... so glad you are not doing that 
> ... but I do wonder why 1.389 was chosen. It is only a month old. But 
> I'm assuming it is the first one with a fix? I also checked the apache 
> hudson server and seems they are still at version 1.383 (2.5 months 
> old)  ... so, just wondering. No objections. No complaints. Appreciate 
> the care.
>
> Thanks,
>
>
>
>
>
> From:        Trip Gilman <trip@xxxxxxxxxxxxxxx>
> To:        Eclipse Cross Project Issues 
> <cross-project-issues-dev@xxxxxxxxxxx>
> Date:        01/18/2011 11:55 AM
> Subject:        Re: [cross-project-issues-dev] Hudson upgrade
> Sent by:        cross-project-issues-dev-bounces@xxxxxxxxxxx
> ------------------------------------------------------------------------
>
>
>
> I seem to remember running into several issues a couple months ago related
> to upgrading.  Have these issues been checked on the new version?  I 
> seem to
> remember them being related to building on slaves.
>
> Trip Gilman
>
>
> On 1/18/11 10:06 AM, "Webmaster(Matt Ward)" <webmaster@xxxxxxxxxxx> wrote:
>
> > Hi Folks,
> >
> >   I've had a couple of people report Hudson issues that look to be
> > privilege escalation risks.  As such I'm going to update us to version
> > 1.389 on thursday(at 12pm EST).
> >
> > I've installed that version on the sandbox, and things seem ok.  If
> > you'd like me to create a job on the sandbox so you can test your build
> > before the update just let me know.
> >
> > If you have any questions or concerns(or if this is a bad time for the
> > train projects) just let me know.
> >
> > -Matt.
>
> _______________________________________________
> cross-project-issues-dev mailing list
> cross-project-issues-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> cross-project-issues-dev mailing list
> cross-project-issues-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev
>