Seems as though my information on that websites node is out of date. That's no longer a node and is handled separately: https://cwiki.apache.org/confluence/display/INFRA/git+-+.asf.yaml+features#git.asf.yamlfeatures-WebSiteDeploymentServiceforGitRepositories
If I recall correctly, I believe some infra-specific jobs have been migrated to their own Jenkins controllers with the CloudBees CI migration. On Mon, 4 Jan 2021 at 13:18, Vladimir Sitnikov <sitnikov.vladi...@gmail.com> wrote: > > Thanks for explaining the Jenkins security model. > > Matt> which can write to ASF infrastructure that I know of are all in the > Matt> websites node which have scripts and such explicitly to secure its use > Matt> case (mostly via the .asf.yaml config options for your site branch). > > I am afraid I do not follow you. > > An arbitrary script (e.g. one of the Maven plugins) can write to ASF > repositories when it runs > at website node. > It sounds like a much more significant issue than GitHub Action. > > Vladimir
