On Wed, 2012-07-18 at 13:34 -0400, Heiko W.Rupp wrote: > Am 18.07.2012 um 13:00 schrieb Robert Middleswarth: > > > I need trust to be earned so I +1 on whitelist. With that said I think > > getting on the whitelist should be pretty easy. > > Isn't that what you usually do on projects - have the first few commits not > directly go to master but being > reviewed by an existing committer and then giving full commit access to a new > user? > So I think that fits in and fits with what new committers are used to. Many > of them actually would be scared > if they got commit access from day 1.
It's not commit access that is being discussed. We're not giving that away easily. Jenkins provides the ability to trigger builds/tests on patch submission (just submission, not commit). A savvy attacker could write a patch that could cause the tests to compromise the jenkins slave machine. The whitelist being proposed is a whitelist for running the build/test based on who submitted the patch. Mike > > Heiko > > _______________________________________________ > Infra mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/infra _______________________________________________ Infra mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/infra
