www-builds mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aristedes Maniatis <...@maniatis.org>
Subject Re: publishing artifacts from hudson build node to people.apache.org
Date Mon, 25 Jan 2010 03:31:41 GMT
On 25/01/10 12:47 PM, Gav... wrote:
> What I think might be a better setup, is for projects to be able to deploy
> to a temp staging area on the
> Hudson Master. The Hudson master then has a special acct to be able to sync
> to people. So, one restricted
> specially setup acct from the master rather than many untrusted users from
> many untrusted slaves.

Some special problems this might raise:

* how will the sync script know which group to assign to files pushed in this way?
* this still means that a break-in to Hudson results in the ability to overwrite every web
site on the Apache server with arbitrary data: if anything this results in a wider security
breach than being able to hack just a single site if separate keys are used.

Ari

-- 
-------------------------->
Aristedes Maniatis
GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A

Mime
View raw message