On 03/18/2015 10:55 AM, David Kranz wrote:
> Apologies if this is covered somewhere. I was wondering what, if
> anything, we do to prevent someone from uploading code to gerrit that,
> for example, sends email bomb threats or other malicious actions?

We do nothing - this is one of the main reasons that we treat all of our build hosts as compromised and hostile and that we delete them after running a single job.

The mitigating factor so far is that if you did that, the patch would be tracked back to the account you used which would be tied to the legal agreements you signed, etc. It's not exactly a short process to get up and going with being able to submit patches.

We also have hard externally controlled timeouts on jobs, so at worst you'd only get a mailbot for a chunk of time ... and then we'd come hunt you down. :)

Monty

_______________________________________________
OpenStack-Infra mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
