Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.

On 14.09.2011 13:41, Igor Fedorenko wrote:
> What kind of manual validation do you do to make sure files produced by
> Hudson have not been maliciously modified by somebody who gained control
> over Hudson instance (assuming you use Hudson to produce
> milestone/release builds)?

Release builds are executed manually. Thus, I can usually rely on the
Hudson logs and timestamp comparison or a flux capacitor. ;)

I guess there is still a chance that some hacker installed a plug-in
that does byte transformation while my build job is in progress. If you
really want to be sure ... don't do release builds on Hudson.

-Gunnar


-- 
Gunnar Wagenknecht
gunnar@xxxxxxxxxxxxxxx
http://wagenknecht.org/

