Package: jenkins
Severity: normal


By default, AFAICT, Jenkins will be installed running on port 8080, accessible 
from anywhere, and fully configurable by anyone. I believe this is dangerous, 
security-wise.

Please either provide a default setup which limits its openness, for instance 
allowing only local clients to connect on localhost:8080, or at minimum an 
important message when it gets installed via APT debconf templates, referring 
to a README providing instructions on how to configure its security. seems a 
good start for such instructions, I guess, but I'm no Jenkins guru.

Best regards,

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
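
Added example, not part of the original report or of the Jenkins package: a shell check that reads `ss -ltn` output and reports whether a port (8080 in the report) is bound to anything other than loopback. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners on a port that are reachable beyond loopback.
# Reads `ss -ltn` output on stdin; prints each non-loopback local address found.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            if (!match($4, /:[0-9]+$/)) next      # local field is ADDR:PORT
            p    = substr($4, RSTART + 1)
            addr = substr($4, 1, RSTART - 1)
            if (p != port) next
            sub(/%.*$/, "", addr)                 # drop a %iface scope suffix
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)
            # 127.0.0.0/8, ::1 and IPv4-mapped loopback are local-only
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print addr
        }'
}

# Constructed sample: Jenkins bound to the wildcard address, as in the report.
sample_default() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:631       0.0.0.0:*
LISTEN  0       50      *:8080              *:*
LISTEN  0       128     [::]:22             [::]:*
EOF
}

# Constructed sample: the same host with port 8080 restricted to loopback.
sample_local_only() {
    cat <<'EOF'
LISTEN  0       128     127.0.0.1:631       0.0.0.0:*
LISTEN  0       50      127.0.0.1:8080      0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
EOF
}

sample_default | exposed_listeners 8080      # prints: *
# On a live host: ss -ltn | exposed_listeners 8080
```

An empty result means the port is bound to loopback only; Jenkins's `--httpListenAddress=127.0.0.1` launcher option is one way to get there.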
