On Mon, 2013-02-04 at 19:13 +0100, Ferenc Kovacs wrote:
> yeah, that would work also, but it has some of the concerns that were
> mentioned about the git push way:
> if you somehow compromise the jenkins box, you can get rogue commits to the
> jenkins git.php.net repo.
> as I mentioned, I think I will use some 3rd party repo (github probably) for
> the configs and manually merge stuff to the web/jenkins repo on
> git.php.net once in a while.

Well, when having the git server pulling: what could happen? - An attacker
might write new revisions of config files. It can't do forced pushes or such
to hide his traces, the attacker can't abuse the account for other things
like deleting notes or manipulating bug reports.

But then again: I have no idea about the nature of config files :-)

johannes

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php