Package: jenkins
Severity: normal

Hi.

By default, AFAICT, Jenkins will be installed running on port 8080, accessible 
from anywhere, and fully configurable by anyone. I believed this is dangerous, 
security wise.

Please either provide a default setup which limits its openness for instance 
allowing only local clients to connect on localhost:8080, or at minimum an 
important message when it gets installed via APT debconf templates, referring 
to a README providing instructions on how to configure its security.

https://wiki.jenkins-ci.org/display/JENKINS/Standard+Security+Setup seems a 
good start for such instructions, I guess, but I'm no Jenkins guru.

Best regards,

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to