www-builds mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gavin McDonald <ga...@16degrees.com.au>
Subject Re: Heads up - Planning to disable anonymous workspace read access on builds.a.o
Date Sat, 17 May 2014 07:24:10 GMT
Thanks Andrew for looking into this.
Please go ahead and make the necessary changes once you are ready.


On 17/05/2014, at 4:48 AM, David Nalley <david@gnsa.us> wrote:

> On Thu, May 15, 2014 at 4:55 PM, Andrew Bayer <andrew.bayer@gmail.com> wrote:
>> So from https://issues.jenkins-ci.org/browse/JENKINS-23056 it sounds like at
>> least one of the problems we're having with Jenkins hanging is because of
>> attempts to access the workspace of jobs through the UI - when a slave is
>> slow or hanging and that kind of request is made, it can lock up the whole
>> UI. I've contacted the Mahout team regarding their linking to javadocs in
>> job workspaces, and am going to contact the Maven team regarding what looks
>> to be build usage of bits from some of their jobs' workspaces, but I'd also
>> like to nip this in the bud permanently by requiring authentication for
>> access to job workspaces.
>> My thinking is that the only legitimate reason to be accessing the workspace
>> is if you need to in order to debug a failed build - otherwise, if there's
>> something that you want to be publishing from your build, you can use the
>> archive artifacts functionality. Does this sound reasonable to everyone?
> Makes sense to me.
> Jenkins is not a web server; and projects shouldn't be using it as such.
> --David

View raw message