infra-issues mailing list archives

From "Alex Harui (JIRA)" <>
Subject [jira] [Commented] (INFRA-17540) Allow Jenkins jobs to commit/push to SVN and Git
Date Thu, 03 Jan 2019 23:38:00 GMT


Alex Harui commented on INFRA-17540:

[~busbey] AFAICT, release policy on requires that the artifacts be verified by hardware owned
and physically controlled by the RM.  The link
currently says:

"Strictly speaking, releases must be verified on hardware owned and controlled by the committer.
That means hardware the committer has physical possession and control of and exclusively full
administrative/superuser access to. That's because only such hardware is qualified to hold
a PGP private key, and the release should be verified on the machine the private key lives
on or on a machine as trusted as that."

I have not verified that Maven's release plugin and Nexus will let artifacts be staged without
a PGP signature.  But we can't even get that far without first being able to let the Maven
release plugin remove SNAPSHOT from versions in the POMs.

> Allow Jenkins jobs to commit/push to SVN and Git
> ------------------------------------------------
>                 Key: INFRA-17540
>                 URL:
>             Project: Infrastructure
>          Issue Type: Improvement
>          Components: Buildbot, Jenkins
>            Reporter: Alex Harui
>            Priority: Major
> Creating this issue so we don't lose track:
> Per this thread:
> It would be great if Jenkins jobs could commit/push to SVN and/or Git.
> I think if there was a "user" in LDAP called buildbot or build@a.o, then projects could see which commits are coming from builds.a.o.
> Maven builds might also require allowing this "user" to PGP sign as well.

This message was sent by Atlassian JIRA