> On Jan 4, 2019, at 2:00 AM, Christofer Dutz <christofer.d...@c-ware.de> wrote:
> 
> Hmmm,
> 
> thinking about it ... this is not quite "safe" is it? Just imagining someone 
> starting PRs with maven download-plugin and exec-plugin starting a bitcoin 
> miner or worse ... what does Infra think about this?
> Would prefer the "everyone" PR builds to run on Travis or something that 
> wouldn't harm the ASF.

This is the same model the ASF has used for JIRA for a decade+.  It’s 
always been possible for anyone to submit anything to Jenkins and have it get 
executed. Limiting PRs or patch files in JIRAs to just committers is very 
anti-community. (This is why all this talk about using Jenkins for building 
artifacts I find very entertaining.  The infrastructure just flat out isn’t 
built for it and absolutely requires disposable environments.)
