Package: jenkins
Severity: normal

Hi.

By default, AFAICT, Jenkins will be installed running on port 8080, accessible from anywhere, and fully configurable by anyone. I believe this is dangerous, security-wise.

Please either provide a default setup which limits its openness, for instance allowing only local clients to connect on localhost:8080, or at minimum an important message when it gets installed via APT debconf templates, referring to a README providing instructions on how to configure its security.

https://wiki.jenkins-ci.org/display/JENKINS/Standard+Security+Setup seems a good start for such instructions, I guess, but I'm no Jenkins guru.

Best regards,

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
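A check for the localhost-only setup requested above, as an added example that is not part of the original report or of the Debian package: it reads a defaults-style file and reports whether Jenkins is told to listen on loopback only. The `JENKINS_ARGS` variable name, the `--httpListenAddress` option of Jenkins' embedded servlet container, and the two sample files are assumptions, not taken from the report.

```shell
#!/bin/sh
# Added example: audit which address a Jenkins service is told to listen on.
# Assumption: options are passed through a JENKINS_ARGS="..." line in a
# shell-style defaults file, and the listener address is set with
# --httpListenAddress=<addr>.

# Print the configured HTTP listen address, or 0.0.0.0 when none is set
# (no explicit address means connections are accepted on every interface).
jenkins_listen_address() {
    conf=$1
    addr=$(sed -n 's/^[[:space:]]*JENKINS_ARGS=//p' "$conf" \
        | tr -d "\"'" | tr ' ' '\n' \
        | sed -n 's/^--httpListenAddress=//p' | tail -n 1)
    printf '%s\n' "${addr:-0.0.0.0}"
}

# Return 0 when the listener is restricted to loopback, 1 otherwise.
jenkins_is_local_only() {
    case $(jenkins_listen_address "$1") in
        127.*|::1|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample inputs: one open configuration, one restricted one.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/open" <<'EOF'
JENKINS_ARGS="--httpPort=8080"
EOF
cat > "$sample_dir/local" <<'EOF'
JENKINS_ARGS="--httpPort=8080 --httpListenAddress=127.0.0.1"
EOF

for f in open local; do
    addr=$(jenkins_listen_address "$sample_dir/$f")
    if jenkins_is_local_only "$sample_dir/$f"; then
        echo "$f: loopback only ($addr)"
    else
        echo "$f: reachable from other hosts ($addr)"
    fi
done
```

Binding to loopback only narrows who can reach the port; the access-control configuration the report links to is still needed for users on the host itself.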

