Hi again,
On Thu, 2020-09-24 at 15:34 +0900, Tristan Van Berkom wrote:
> Hi all,
>
> Not long ago before the mailing list migration, I brought up a thorough
> proposal[0] after discussing the mess which is "artifact cache
> configuration".
We never discussed or came to any conclusions for this proposal[0].
Yesterday I noticed more problems surrounding this mess.
As outlined here[1] in issue #845, projects which recommend artifact
cache configurations can impact commands which operate on artifacts
from random projects.
I.e. something like this:
* cd project_a
* bst build foo.bst
* cd ../project_b
* bst artifact push "project_a/foo.bst/<cache_key>"
In this case, it is almost certain that an artifact from project_a will
be pushed to an artifact server recommended for project_b, if you have
the credentials for the cache server recommended by project_b, then you
have just inadvertently leaked binaries belonging to project_a to the
organization owning project_b.
This is a bit orthogonal and can be addressed while still retaining the
the ability for a project.conf to make "recommendations" for user
configurations like artifact cache and RE services, but still
emphasizes the importance of sorting out the original proposal.
I think that I can solve the original proposal above in[0] with some
iterations in my space cycles, but I need us to come to a consensus on
that proposal first.
Cheers,
-Tristan
[0]: https://mail.gnome.org/archives/buildstream-list/2020-May/msg00018.html
[1]: https://gitlab.com/BuildStream/buildstream/-/issues/845#note_450629592
