[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Newsgroup Home]
|
[news.eclipse.tools.buckminster] Re: Hudson Plugin for Buckminster
|
Johannes Utzig wrote:
> all I can do in the plugin is to not print the command line invocation
> if that helps you, key auth would need to be implemented on the
> buckminster side.
Yep, that's why I think adding this in your Hudson plug-in is the wrong
direction. Let's see if the buckminster end can be improved (e.g.
reading the pass from a special file or use equinox security).
> If storing the password in the hudson config is safe or not depends on
> the hudson security settings and the file permissions on the hudson
> config files (and file system encryption).
Since Hudson runs as a special user (e.g. tomcat), file permissions do
not really help. Most users of the system will be able to ream 'em.
> Isn't it kind of unusal that a build server uses actual credentials
> instead of having its own?
Yeah, but that's the way eclipse.org handles signing. You do not get a
special account for signing. Instead your regular user account is added
to a group which is allowed to sign bundles.