Re: [cbi-dev] HIPP user rights

[Mikaël Barbero <mikael@xxxxxxxxxxx>]

Even as a committer I get frustrated at not being able to see how some other project handles a particular build problem.

As a committer you should be able to log into any other HIPP and see their job configurations in read-only mode. If you can't, please raise a bug as this is the default that is applied to all HIPPs (with a few exceptions like ECF which runs OSGi compliance tests that require an NDA).

Cheers,

Mikael

    Regards

        Ed Willink

On 22/02/2016 15:36, Thanh Ha wrote:

In my opinion workspaces should not be shared with anonymous users as there's no way to know for sure what is beign shared and they only exist until the next build starts, which depending on how active your project is might not be very long. Instead if you want to retain certain files such as logs you should use the Hudson Archiving feature to save specifically selected data with the build results.

Regards,

Thanh

On Mon, Feb 22, 2016 at 6:44 AM, Christian Pontesegger <christian.pontesegger@xxxxxx> wrote:

Hi,

we had this topic with some bad commits that were used to inject bad code that runs on HIPP and may harm the eclipse infrastructure. So I guess we might help these attackers a little when we expose what our build jobs do and how the workspace looks like. This was the reason I asked for any security concerns.

cheers
Christian

_______________________________________________
cbi-dev mailing list
cbi-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/cbi-dev

_______________________________________________
cbi-dev mailing list
cbi-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/cbi-dev

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail