Re: [cross-project-issues-dev] Why allowing Hudson to write to your down

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.

From: Jesse McConnell <jesse.mcconnell@xxxxxxxxx>
Date: Wed, 14 Sep 2011 07:41:36 -0500
Delivered-to: cross-project-issues-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/cross-project-issues-dev>
List-help: <mailto:cross-project-issues-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev>, <mailto:cross-project-issues-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/cross-project-issues-dev>, <mailto:cross-project-issues-dev-request@eclipse.org?subject=unsubscribe>

I heard someone mention that we ought to do away with this issue
entirely and have our project spaces be backed by git repositories

I love that idea :)

jesse

--
jesse mcconnell
jesse.mcconnell@xxxxxxxxx



On Wed, Sep 14, 2011 at 06:55, Gunnar Wagenknecht
<gunnar@xxxxxxxxxxxxxxx> wrote:
> Am 14.09.2011 13:41, schrieb Igor Fedorenko:
>> What kind of manual validation do you do to make sure files produces by
>> Hudson have not been maliciously modified by somebody who gained control
>> over Hudson instance (assuming you use Hudson to produce
>> milestone/release builds)?
>
> Release builds are executed manually. Thus, I can usually rely on the
> Hudson logs and timestamp comparison or a flux capacitor. ;)
>
> I guess there is still a chance that some hacker installed a plug-in
> that does byte transformation while my build job is in progress. If you
> really want to be sure ... don't do release builds on Hudson.
>
> -Gunnar
>
>
> --
> Gunnar Wagenknecht
> gunnar@xxxxxxxxxxxxxxx
> http://wagenknecht.org/
> _______________________________________________
> cross-project-issues-dev mailing list
> cross-project-issues-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev
>

Follow-Ups:
- Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Thomas Hallgren

References:
- [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Denis Roy
- Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Igor Fedorenko
- Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Gunnar Wagenknecht
- Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Thomas Hallgren
- Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Gunnar Wagenknecht
- Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Thomas Hallgren
- Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Gunnar Wagenknecht
- Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Igor Fedorenko
- Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Gunnar Wagenknecht

Prev by Date: Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
Next by Date: Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
Previous by thread: Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
Next by thread: Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
Index(es):
- Date
- Thread

Breadcrumbs