[OpenAFS-devel] Rehashing gerritt auto-build security

Jeffrey Altman jaltman@secure-endpoints.com
Fri, 05 Nov 2010 20:51:05 -0400


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig55A950A6319744D4CAA1E202
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 11/5/2010 8:38 PM, Jason Edgecombe wrote:
> hi,
>=20
> I would like to bring up the topic of security for the gerrit
> auto-builds. Currently, anyone in the world may submit code to gerrit
> and that will be built by the buildslaves with no extra approvals neede=
d
> and no questions asked.
>=20
> Do we want to continue with this arrangement?

Absolutely not.
>=20
> When this was last discussed, a flag in gerrit was mentioned, but no
> action has been taken to my knowledge.

What we would prefer is that patchsets be built only when the following
conditions are met:

 1. the "Committer" is on a trusted list or a member of the
    trusted list has given a positive "Code Review"

 2. the submission is the most recent patchset for the issue.
    (if a series of patchsets have been submitted to gerrit before
     the build slaves can get to them, those that are out of date
     should be skipped and builds in progress should be canceled)

Jeffrey Altman


--------------enig55A950A6319744D4CAA1E202
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJM1KZ7AAoJENxm1CNJffh4RywH/0Z6oJ4uNe/u03PKlTqW2lr6
OFjd3Wuj9LY8blOmtnFms9YGmVUXyWDvrXZZS8uW9bLM0JZGhQ0q9Ct1vXetnabZ
cmvD7Q5KB+SWlueySxiRHIOQ0M53SXo9D8vZbjCvMapAotPXk1syVUPYbFBQuS4B
G62A3dLZYWNvXr5sQUmu+8NKqyS2ecfoBxKWjdONon2QYvrkEIVFQTZkbPUBn23j
FIXDhOtN9e5UheQiCEVZbvt0wHzjT1C3cqbr0zZKq9n5UUINmtyGPUuef32CVAwy
hW1dM1DUjR+rYn22Ie14puhlu/TLHP8nggOugKy16U1qZA2BOKnnxsqqjaHyYfM=
=+PYP
-----END PGP SIGNATURE-----

--------------enig55A950A6319744D4CAA1E202--