Everything Gunnar said regarding security is true. However, we do support this use case and webmaster can setup a ssh deploy for your Hudson instance. You just need to fill a bug on the Community > Hudson component (https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Community&component=Hudson <https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Community&component=Hudson>) and ask for it.
Cheers, Mikael > Le 1 nov. 2016 à 13:52, Gunnar Wagenknecht <[email protected]> a écrit : > > GitHub support's the notion of dedicated repository SSH deploy keys. Those > are decoupled from your user account and can be granted write access to a > repository. > > However, issues remains to any Hudson instance using such a key. As the > Hudson user needs read access to the key and it's passphrase, it's possible > for an attacker to create a Gerrit review or pull request that might expose > the key. There is no way to prevent it unless it. Thus, the Mylyn team did > put a whitelisting mechanism in place to auto-build/verify reviews only from > trusted people. > > As a GitHub hosted OSS project, you should use Travis. > > See: > https://github.com/alrra/travis-scripts/blob/master/doc/github-deploy-keys.md > <https://github.com/alrra/travis-scripts/blob/master/doc/github-deploy-keys.md> > and > https://docs.travis-ci.com/user/pull-requests#Pull-Requests-and-Security-Restrictions > > <https://docs.travis-ci.com/user/pull-requests#Pull-Requests-and-Security-Restrictions> > > -Gunnar > > -- > Gunnar Wagenknecht > [email protected] <mailto:[email protected]>, http://guw.io/ > <http://guw.io/> > > > > > > >> On 1 Nov 2016, at 09:43, Christoph Daniel Schulze >> <[email protected] <mailto:[email protected]>> wrote: >> >> Hi everyone, >> >> at the Eclipse Layout Kernel we are currently thinking about how best to >> provide documentation about layout algorithms and supported layout >> options to our users. The main place where we host documentation is our >> GitHub wiki. What we are currently thinking about is to generate Wiki >> documentation from the meta data about our algorithms at compile time >> and push that to the wiki repository. >> >> For this to work, our Hudson instance would need write access to that >> repository. One way to do that would be to give it an SSH key for my >> GitHub account, but that solution doesn't appeal to me very much for >> security reasons. Does anyone do something similar with less security >> problems? >> >> I presume that it would probably be easier to give our Hudson write >> access to our Eclipse website repository. However, I would prefer to >> keep all documentation bundled up at a single place instead of spreading >> it out over different websites. >> >> Cheers, >> Christoph Daniel >> >> _______________________________________________ >> incubation mailing list >> [email protected] <mailto:[email protected]> >> To change your delivery options, retrieve your password, or unsubscribe from >> this list, visit >> https://dev.eclipse.org/mailman/listinfo/incubation > > _______________________________________________ > incubation mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe from > this list, visit > https://dev.eclipse.org/mailman/listinfo/incubation
_______________________________________________ incubation mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/incubation
