On Wed, Dec 14, 2016 at 1:33 PM, Bharath Vissapragada <[email protected]> wrote: > Just wondering why we can't link Jenkins authentication with gerrit login
Gerrit login is just github login, and so provides little in the way of access control. Additionally, Jenkins has weak support for other authentication methods, often through outdated or flaky plugins. > isolate Jenkins to only run > code thats approved (+2ed) over gerrit. That's a different question, and one we could probably do. > With this, any new contributor > (whoever has signed up on gerrit) can have access to the jenkins box It doesn't quite work like that - if we wanted to do that, each Jenkins job would have to authenticate that the patch had been +2ed. That would also prevent speculative testing of non-+2ed patches by committers, which is a legitimate use case.
