> On Dec 7, 2018, at 11:56 PM, Alex Harui <aha...@adobe.com.INVALID> wrote:
>
>
>
> On 12/7/18, 10:49 PM, "Allen Wittenauer"
> <a...@effectivemachines.com.INVALID> wrote:
>
>
>
>> On Dec 7, 2018, at 10:22 PM, Alex Harui <aha...@adobe.com.INVALID> wrote:
>>
>> Maven's release plugins commit and push to Git and upload to repository.a.o.
>> I saw that some folks have a node that can commit to the a.o website SVN.
>> Is anyone already doing releases from builds? What issues are there, if any?
>
> It's just flat out not secure enough to do a release on.
>
> Can you give me an example of how it isn't secure enough?
The primary purpose of these servers is to run untested, unverified
code.
Jenkins has some very sharp security corners that makes it trivially
un-trustable. Something easy to understand: when Jenkins is configured to run
multiple builds on a node, all builds on that node run in the same user space.
Because there is no separation between executors, it's very possible for anyone
to execute something that modifies another running build. For example,
probably the biggest bang for the least amount of work would be to replace jars
in the shared maven cache.
[... and no, Docker doesn't help.]
There are other, bigger problems, but I'd rather not put that out in
the public.
