Hi,
In the past, Sam had provided some configuration so that Gump would upload every day the Cactus website (built as part of the Cactus build) to jakarta.apache.org/cactus. That was quite nice.
I'd love to see Gump(y) add even more value to projects (such as
deploying their web sites every night - for Apache projects who
configure this in their deployment descriptors).
Note: I think related security issues can be solved without too much problem (for example by allowing only to deploy to cvs.apache.org).
Thoughts?
-1
this is a asking for trouble.
Gump is the most insecure system ever, since it downloads software from all over the world. This means that even a committer of a library that we depend upon could gain control of gump and use its ssh keys to upload nasty content on your web site.
In a security chain, the weakest ring is the problem, not the strongest, and gump has soooooo many of these weak rings that it is actually impressive that nothing has happened so far.
There are talks with infrastructure guys about setting up the new gump machine so that it is *wiped out* every night and reinstalled completely from scratch, operating system included.
Rather drastic, I agree, but if we want gump to be trusted by the HTTPD folks we must start thinking about security way more seriously and not trust any artifact that gump produces.
-- Stefano.
smime.p7s
Description: S/MIME Cryptographic Signature
