[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cbi-dev] HIPP user rights

To add/document another reason why Hudson workspaces should not be shared with anonymous users: IP issues. If you have build time dependencies that are not approved for re-distribution (eg., works-with or test-only dependency) you must ensure that they are not  downloadable.

-Gunnar

-- 
Gunnar Wagenknecht
gunnar@xxxxxxxxxxxxxxx, http://guw.io/






> Am 22.02.2016 um 16:36 schrieb Thanh Ha <thanh.ha@xxxxxxxxxxxxxxxxxx>:
> 
> In my opinion workspaces should not be shared with anonymous users as there's no way to know for sure what is beign shared and they only exist until the next build starts, which depending on how active your project is might not be very long. Instead if you want to retain certain files such as logs you should use the Hudson Archiving feature to save specifically selected data with the build results.
> 
> Regards,
> Thanh
> 
> On Mon, Feb 22, 2016 at 6:44 AM, Christian Pontesegger <christian.pontesegger@xxxxxx> wrote:
> Hi,
> 
> we had this topic with some bad commits that were used to inject bad code that runs on HIPP and may harm the eclipse infrastructure. So I guess we might help these attackers a little when we expose what our build jobs do and how the workspace looks like. This was the reason I asked for any security concerns.
> 
> cheers
> Christian
> _______________________________________________
> cbi-dev mailing list
> cbi-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/cbi-dev