gump-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leo Simons <>
Subject [RT] Usecase for CA / asylum -- access to gump data (eg webdav bridge)
Date Tue, 17 Jan 2006 17:05:10 GMT
Hi gang (primarily for david reid),

For the longest time, every now and then a gump "user" (eg a committer on some
ASF project that is being built by gump) needs to get access to the build
output (eg logs, jars, stuff) that gump built for his project.

At some point we simply published the entire build tree from gump over HTTP.
This sort-of worked but had a serious downside -- people were using the outputs
from gump as regular "nightly builds" and gump-generated jars popped up all over
the place. Besides these files often having problems (since they were compiled
against and from CVS), there was some serious security risks (since gump by its
design is not good at producing secure artifacts) and hence some liability. We
decided we couldn't be doing this.

Ever since, we've been using "stopgap measures" every now and then, manually
tarring up a project's directory and sending it via eg e-mail or some other
file-sharing mechanism.

It would be great if there was an easy way for any ASF committer to get at the
gump build tree (eg filesystems hosted on, or on, or elsewhere in the future) using eg something like
WebDAV, but not for the general public. What we really don't want to use for
this is something like an rsync of the svn htpasswd file, since the machines
that gump runs on really shouldn't be trusted.

I don't know how to set this up properly (perhaps a reverse proxy between a
trusted host that does the auth and the gump host running a webdav server,
with the gump host restricting access based on IP / being on the internal
network), I also don't know how well this ties into the BadCA / asylum / etc
infrastructure currently under development, but it seems there is some kind of
overlap and another possible usecase.

Just a random thought. No clue whether I'll be able to pursue this or contribute
or whatever. Maybe someone has time :-)

- Leo

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message