I'm fine with Tim's approach, but it does add some friction to contributions.
On Wed, Dec 14, 2016 at 9:57 AM, Tim Armstrong <[email protected]> wrote: > I mean the contributor could email an email address (e.g. a mailing list) > asking for credentials and we could email them privately. > > Do we know what other Apache projects do for situations like this? > > On Wed, Dec 14, 2016 at 9:18 AM, Alex Behm <[email protected]> wrote: > > > Can you clarify the "credentials by mailing list" approach? > > > > If we send out the credentials on a public list, it's pretty close to > open > > access. > > > > If we send out credentials to contributors privately, we have an > additional > > hurdle to contributions. > > > > On Wed, Dec 14, 2016 at 9:12 AM, Tim Armstrong <[email protected]> > > wrote: > > > > > Got it. > > > > > > I think I'd probably be more in favour of handing out login credential > to > > > contributors on demand (e.g. by mailing a list) rather than having > open > > > access, just so we have a clearer idea of who's using it. I don't have > a > > > strong objection to the alternative. > > > > > > On Wed, Dec 14, 2016 at 8:52 AM, Jim Apple <[email protected]> > wrote: > > > > > > > > How isolated is the Jenkins instance? > > > > > > > > As far as I know, the workers have little access to the coordinator. > > See > > > > here: > > > > > > > > https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+ > > > Master+Access+Control > > > > > > > > This flag is on and there are no whitelisted exceptions. > > > > > > > > > Does the jenkins user have many privileges on the VM? > > > > > > > > They have passwordless sudo on the worker > > > > > > > > > Could it simply wipe > > > > > out the job history to destroy the trail? > > > > > > > > Job history is stored on the coordinator. > > > > > > > > > Jenkins also presumably has > > > > > credentials to make at least some changes to gerrit - are those > > > > privileges > > > > > restrictive enough that it couldn't cause problems there too? > > > > > > > > Those are stored only on the coordinator and cannot be used by the > > > slaves. > > > > > > > > > >
