I raised this on infra a little while ago and there was agreement that keeping
SSH keys on Hudson is pretty dangerous. At the least, the SSH user will need to
be able to change your live production web site. So any compromise of Hudson
servers will by default allow an attacker to change Apache web sites which lets
them inject malicious keys, code, etc.
My way seems safer all around, with the downside is that you have to get your
timing right and the changes will happen with a bit of a delay. But for
Javadoc, that didn't seem to be a problem. Don't know about your requirements.
Ari
On 25/01/10 12:14 PM, Andreas Andreou wrote:
Thanks... So, you're doing it the other way around... interesting !
For the record, i've also found
http://struts.apache.org/2.1.8.1/docs/apache-struts-pseudo-nightly-builds-on-apache-hudson.html
which basically describes that the struts guys use the 'wesw' account
for sshing to people.apache.org
On Mon, Jan 25, 2010 at 02:56, Aristedes Maniatis<a...@maniatis.org> wrote:
On 25/01/10 11:24 AM, Andreas Andreou wrote:
How are people making this work? Is any apache project using hudson to
update
parts of their website?
Yes, I'm pulling Javadocs from Hudson like this:
http://svn.apache.org/repos/asf/cayenne/site/trunk/tlp-site/bin/deployJavadoc.sh
Ari
--
-------------------------->
Aristedes Maniatis
GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A
--
-------------------------->
Aristedes Maniatis
GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A
