https://bugzilla.gnome.org/show_bug.cgi?id=621236
sysadmin | Other | unspecified
Alejandro Piñeiro Iglesias <apinheiro> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |[email protected]
--- Comment #3 from Alejandro Piñeiro Iglesias <[email protected]>
2010-12-02 11:41:09 UTC ---
(In reply to comment #2)
> What are the implications of globally opening this port on the host firewall?
> Is there any application-level restrictions that can be put in place (ie; you
> can limit the build slaves at the application, and don't need to rely on us to
> update iptables)?
>
> What other security concerns might we face by globally allowing this port? Can
> anyone attach a build server to this port? What consequences would this have?
No, not anyone can attach a build slave. In order to attach a new build slave
you need a login and a password. The list of allowed build slaves are saved as
part of the configuration of the master installed at RHEL5. The idea is that
the build brigade maintainers (AFAIK: Olav, Frederic, Iago an me) would give a
login and password to any allowed slave. But as the description says, due this
firewall rule, it is also required to ask sysadmin to include the new IP.
> If you could give me a better idea of how the build master/slave process works
> I (we) can better determine the possibility of this request.
CCing myself in order to try to answer any other question.
More information here: http://live.gnome.org/BuildBrigade/DocsAndGuides
--
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the QA contact of the bug.
You are watching the assignee of the bug.
_______________________________________________
gnome-infrastructure mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
