www-builds mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Nalley <da...@gnsa.us>
Subject Re: Heads up - Planning to disable anonymous workspace read access on builds.a.o
Date Sat, 17 May 2014 03:48:53 GMT
On Thu, May 15, 2014 at 4:55 PM, Andrew Bayer <andrew.bayer@gmail.com> wrote:
> So from https://issues.jenkins-ci.org/browse/JENKINS-23056 it sounds like at
> least one of the problems we're having with Jenkins hanging is because of
> attempts to access the workspace of jobs through the UI - when a slave is
> slow or hanging and that kind of request is made, it can lock up the whole
> UI. I've contacted the Mahout team regarding their linking to javadocs in
> job workspaces, and am going to contact the Maven team regarding what looks
> to be build usage of bits from some of their jobs' workspaces, but I'd also
> like to nip this in the bud permanently by requiring authentication for
> access to job workspaces.
>
> My thinking is that the only legitimate reason to be accessing the workspace
> is if you need to in order to debug a failed build - otherwise, if there's
> something that you want to be publishing from your build, you can use the
> archive artifacts functionality. Does this sound reasonable to everyone?
>

Makes sense to me.
Jenkins is not a web server; and projects shouldn't be using it as such.

--David

Mime
View raw message