[JIRA] [subversion-plugin] (JENKINS-25871) Default "Ignore externals" checkbox to unchecked

[dan...@beckweb.net (JIRA)]

Daniel Beck resolved JENKINS-25871 as Won't Fix Default "Ignore externals" checkbox to unchecked By design for security reasons, see wiki at https://wiki.jenkins-ci.org/display/JENKINS/Subversion+Plugin Change default of ignoreExternalsOption to true. Add help text explaining some of the security risks involved in checking out externals (namely that they can be a route to hijacking credentials that in most cases have full read access to the entire repository and not just the limited subset of the repository that an individual committer's credentials may have read access to. The recommended way to handle externals is to add those as additional modules directly. Thus ensuring that even if a committers machine is hacked or otherwise compromised, their credentials cannot be used to commit a modified build script and svn:external definition that allows the entire contents of the Subversion repository to be zipped up and FTP'd to a remote server) Since this issue does not argue against the reasons specified there, resolving as Won't Fix. Address those and it would make sense to reopen. Change By: Daniel Beck (03/Dec/14 2:12 AM) Status: Open Resolved Resolution: Won't Fix

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira

--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.