impala-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Apple <jbap...@cloudera.com>
Subject Re: Jenkins jobs to verify patches
Date Wed, 14 Dec 2016 18:12:50 GMT
Kudu runs tests preemptively when a gerrit patch first appears.
On Dec 14, 2016 9:58 AM, "Tim Armstrong" <tarmstrong@cloudera.com> wrote:

> I mean the contributor could email an email address (e.g. a mailing list)
> asking for credentials and we could email them privately.
>
> Do we know what other Apache projects do for situations like this?
>
> On Wed, Dec 14, 2016 at 9:18 AM, Alex Behm <alex.behm@cloudera.com> wrote:
>
> > Can you clarify the "credentials by mailing list" approach?
> >
> > If we send out the credentials on a public list, it's pretty close to
> open
> > access.
> >
> > If we send out credentials to contributors privately, we have an
> additional
> > hurdle to contributions.
> >
> > On Wed, Dec 14, 2016 at 9:12 AM, Tim Armstrong <tarmstrong@cloudera.com>
> > wrote:
> >
> > > Got it.
> > >
> > > I think I'd probably be more in favour of handing out login credential
> to
> > > contributors on demand (e.g. by mailing a list)  rather than having
> open
> > > access, just so we have a clearer idea of who's using it. I don't have
> a
> > > strong objection to the alternative.
> > >
> > > On Wed, Dec 14, 2016 at 8:52 AM, Jim Apple <jbapple@cloudera.com>
> wrote:
> > >
> > > > > How isolated is the Jenkins instance?
> > > >
> > > > As far as I know, the workers have little access to the coordinator.
> > See
> > > > here:
> > > >
> > > > https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+
> > > Master+Access+Control
> > > >
> > > > This flag is on and there are no whitelisted exceptions.
> > > >
> > > > > Does the jenkins user have many privileges on the VM?
> > > >
> > > > They have passwordless sudo on the worker
> > > >
> > > > > Could it simply wipe
> > > > > out the job history to destroy the trail?
> > > >
> > > > Job history is stored on the coordinator.
> > > >
> > > > > Jenkins also presumably has
> > > > > credentials to make at least some changes to gerrit - are those
> > > > privileges
> > > > > restrictive enough that it couldn't cause problems there too?
> > > >
> > > > Those are stored only on the coordinator and cannot be used by the
> > > slaves.
> > > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message