gump-general mailing list archives

From Stefano Mazzocchi <stef...@apache.org>
Subject Re: [RT] Gumpy deploying websites?
Date Fri, 12 Mar 2004 14:38:06 GMT
Vincent Massol wrote:

> Hi,
> 
> In the past, Sam had provided some configuration so that Gump would
> upload every day the Cactus website (built as part of the Cactus build)
> to jakarta.apache.org/cactus. That was quite nice.
> 
> I'd love to see Gump(y) add even more value to projects (such as
> deploying their web sites every night - for Apache projects who
> configure this in their deployment descriptors). 
> 
> Note: I think related security issues can be solved without too much
> problem (for example by allowing only to deploy to cvs.apache.org).
> 
> Thoughts?

-1

this is asking for trouble.

Gump is the most insecure system ever, since it downloads software from 
all over the world. This means that even a committer of a library that 
we depend upon could gain control of gump and use its ssh keys to upload 
nasty content on your web site.

In a security chain, the weakest ring is the problem, not the strongest, 
and gump has soooooo many of these weak rings that it is actually 
impressive that nothing has happened so far.

There are talks with infrastructure guys about setting up the new gump 
machine so that it is *wiped out* every night and reinstalled completely 
from scratch, operating system included.

Rather drastic, I agree, but if we want gump to be trusted by the HTTPD 
folks we must start thinking about security way more seriously and not 
trust any artifact that gump produces.

-- 
Stefano.

