Re: [cross-project-issues-dev] [HIPP] Visibility of Hudson configuration for anonymous users

Anonymous users can see the console log, which prints in order everything that's run, although I guess it does require more parsing on the reader's part to figure out the job's full setup.

I do like the idea of allowing people to see how a job was set up, but I do have a concern related to security. The extended read plugin seems to allow users to see the entire configuration page of a job without hiding any settings, and I think at least 1 configuration setting might be open to abuse: the "Trigger builds remotely" build trigger, which would allow anonymous users to see the authentication token and potentially trigger jobs that use this type of trigger without the project's permission.

I just double checked the shared instance and we actually do NOT enable extended read for anonymous users. It's actually only enabled for all Eclipse committers. I'd be more comfortable enabling the same for HIPP by default if this was the case.


Thanh

On 09/01/14 04:32 AM, Henrik Rentz-Reichert wrote:
same for eTrice HIPP (https://hudson.eclipse.org/etrice/)

+1

Henrik

Quoting "Wenz, Michael" <michael.wenz@xxxxxxx>:
Same for Graphiti HIPP.

+1

Thanks for pointing out,
Michael


-----Original Message-----
From: cross-project-issues-dev-bounces@xxxxxxxxxxx [mailto:cross-project-issues-dev-bounces@xxxxxxxxxxx] On Behalf Of Ed Willink
Sent: Thursday, 9 January 2014 09:39
To: Cross project issues
Subject: Re: [cross-project-issues-dev] [HIPP] Visibility of Hudson configuration for anonymous users

Hi

Thanks Michael

+1

I certainly want my OCL/QVTd HIPP to be accessible and have been
inconvenienced by not being able to access other HIPPs.

     Regards

         Ed Willink

On 09/01/2014 08:11, Mikaël Barbero wrote:
Hi all,

I often struggle to build (or set up a CI build for) Eclipse projects. Sometimes, there is a wiki page about how to build the project, but it may be outdated or not complete. I often want to see how the project set up its jobs on Hudson in order to know how I should properly build the project.

On the shared instance, it was possible for anonymous users but it is no longer available by default on HIPP instances. Project leaders have to install the Extended Read Permission Plugin (https://wiki.jenkins-ci.org/display/JENKINS/Extended+Read+Permission+Plugin) by themselves and configure the additional permission for Anonymous.

I did it for EMF Compare (e.g. see https://hudson.eclipse.org/emfcompare/job/emfcompare-master/), and I can ask individually to projects of interest to do it, but I think it would be good to make it a rule to let anonymous users see the job configurations on HIPP. It should not be a choice left to the HIPP owners because I think the availability of how to build an open source project is an important criterion in order to consider it truly open.

Do not see this mail as a rant against projects that did not install this plugin. They may not be aware of the issue. I just would like to know your opinion. If you agree, I will open a bug about it to see how to make it real for all HIPP instances.

Best regards,
Mikael
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev







----- End of forwarded message -----
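
An added example, not part of the original thread: before granting extended read more widely, an administrator can list which jobs have a "Trigger builds remotely" token configured, so those jobs can be reviewed first. It assumes the Jenkins-style layout `jobs/<name>/config.xml` with the token in an `<authToken>` element (a Hudson 3 instance may store it differently); the function names and sample configurations are constructed for illustration.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: job definitions live at <home>/jobs/<name>/config.xml and the
# remote-trigger token is stored in an <authToken> element (Jenkins layout).
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")

def audit_jobs(jobs_dir):
    """Return {job_name: status}; status is 'token-set', 'no-token' or 'unparsed'."""
    report = {}
    for cfg in sorted(Path(jobs_dir).glob("*/config.xml")):
        text = cfg.read_text(encoding="utf-8", errors="replace")
        # Drop the XML declaration: newer Jenkins writes version 1.1, which
        # Python's expat-based parser rejects.
        text = XML_DECL.sub("", text, count=1)
        try:
            root = ET.fromstring(text)
        except ET.ParseError:
            report[cfg.parent.name] = "unparsed"  # needs a manual look
            continue
        tokens = [e.text for e in root.iter("authToken")]
        has_token = any(t and t.strip() for t in tokens)
        # The token value itself is deliberately never returned or printed.
        report[cfg.parent.name] = "token-set" if has_token else "no-token"
    return report

# Constructed sample configurations, not taken from any real instance.
SAMPLES = {
    "nightly": "<?xml version='1.1' encoding='UTF-8'?>\n<project>"
               "<authToken>CONSTRUCTED-TOKEN</authToken></project>",
    "gerrit": "<project><triggers/></project>",
    "empty-token": "<project><authToken>  </authToken></project>",
    "broken": "<project><authToken>oops</project>",
}

def write_samples(jobs_dir):
    """Write the constructed SAMPLES into jobs_dir/<name>/config.xml."""
    for name, xml in SAMPLES.items():
        job = Path(jobs_dir) / name
        job.mkdir(parents=True)
        (job / "config.xml").write_text(xml, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_samples(tmp)
        for job, status in audit_jobs(tmp).items():
            print(f"{job}: {status}")
```

Jobs reported as `token-set` are the ones whose configuration page would reveal a usable trigger token to anyone holding extended read.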




