Thanks for the feedback. That is indeed a concern. I'm already using temporary per project credentials with limited policies.

I'll add some text about actually having to generate the docs yourself :)

Hans Jørgen

On 21 January 2014 10:18, Kang Seonghoon <[email protected]> wrote:
> Great! I really appreciate a new project listing. Maybe you should
> emphasize that you need to run `rustdoc` yourself to get the generated
> docs uploaded to the server ;)
>
> I have a question, or rather, a possible security issue with the
> artifact uploading though, especially given the following script
> template:
>
> https://github.com/hansjorg/rust-ci/blob/master/tpt/ppatrigger/templates/ppatrigger/put_artifacts_script.txt
>
> I'm not sure how you are using S3, but unless you give temporary
> credentials to every project and set the bucket policy to ensure the
> quota, malicious owners can do hairy things (exceeding quotas at the
> least). I think per-upload signed policy [1] will work in this case,
> though I'm not sure there is a CLI command for that. Not to mention
> that the current script can upload anything, but I assume that you are
> already taking that risk (or somehow have mitigated it).
>
> [1] http://stackoverflow.com/a/5349530
>
> 2014/1/21 Hans Jørgen Hoel <[email protected]>:
>> Hi,
>>
>> Rust-ci (http://www.rust-ci.org/) has been updated with some new features
>>
>> * documentation can be uploaded during Travis CI builds (see project
>> page -> owner actions -> get config for docs upload)
>> * categorization of projects
>> * projects can now be edited and deleted by owners (aka Web 2.0 compliance)
>>
>> For a view of projects by category see:
>>
>> http://www.rust-ci.org/projects/
>>
>> I've added likely categories to projects based on name and
>> description, but I've probably missed a few so please take a look at
>> your own project (owner actions -> edit project to change).
>>
>> Categories are fixed for now. Give me a ping if you want to have a
>> category added or changed.
>>
>> Projects on the frontpage with a padlock in the status column are
>> missing Travis CI authentication due to an earlier bug. To fix this,
>> go to the project page and select Authenticate.
>>
>> If you encounter any other issues, please report it here:
>>
>> https://github.com/hansjorg/rust-ci
>>
>> Next up:
>>
>> * benchmarks upload (and graphing)
>>
>> cheers,
>>
>> Hans Jørgen
>> _______________________________________________
>> Rust-dev mailing list
>> [email protected]
>> https://mail.mozilla.org/listinfo/rust-dev
>
>
>
> --
> -- Kang Seonghoon | Software Engineer, iPlateia Inc. | http://mearie.org/
> -- Opinions expressed in this email do not necessarily represent the
> views of my employer.
> --
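
The per-upload signed policy raised in the quoted message, as an added example that is not part of the thread or of rust-ci's code: the server signs a short-lived S3 POST policy that pins the key prefix and object size, and the CI job receives only the resulting form fields. The bucket name, the `artifacts/<project_id>/` key layout, the limits, the credentials and the use of Signature Version 4 (rather than the scheme in the linked answer) are assumptions; `policy_allows` is a local model of the conditions, not S3's implementation.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%S.000Z"

def _mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def make_upload_form(secret, access_key, bucket, project_id, now,
                     region="us-east-1", max_bytes=10 * 2**20, ttl_min=15):
    """Server side: sign a short-lived policy scoped to one project's prefix."""
    day, stamp = now.strftime("%Y%m%d"), now.strftime("%Y%m%dT%H%M%SZ")
    cred = f"{access_key}/{day}/{region}/s3/aws4_request"
    policy = {
        "expiration": (now + timedelta(minutes=ttl_min)).strftime(FMT),
        "conditions": [
            {"bucket": bucket},
            ["starts-with", "$key", f"artifacts/{project_id}/"],  # assumed layout
            ["content-length-range", 0, max_bytes],               # size cap per object
            {"x-amz-algorithm": "AWS4-HMAC-SHA256"},
            {"x-amz-credential": cred},
            {"x-amz-date": stamp},
        ],
    }
    policy_b64 = base64.b64encode(json.dumps(policy).encode()).decode()
    key = ("AWS4" + secret).encode()
    for part in (day, region, "s3", "aws4_request"):  # SigV4 signing-key chain
        key = _mac(key, part)
    return {"policy": policy_b64, "x-amz-algorithm": "AWS4-HMAC-SHA256",
            "x-amz-credential": cred, "x-amz-date": stamp,
            "x-amz-signature": _mac(key, policy_b64).hex()}

def policy_allows(policy_b64, key, size, at):
    """Local model of the conditions S3 is asked to enforce (not S3's code)."""
    policy = json.loads(base64.b64decode(policy_b64))
    expires = datetime.strptime(policy["expiration"], FMT).replace(tzinfo=timezone.utc)
    if at >= expires:
        return False
    for cond in policy["conditions"]:
        if isinstance(cond, list) and cond[:2] == ["starts-with", "$key"]:
            if not key.startswith(cond[2]):
                return False
        elif isinstance(cond, list) and cond[0] == "content-length-range":
            if not cond[1] <= size <= cond[2]:
                return False
    return True

NOW = datetime(2014, 1, 21, 10, 0, tzinfo=timezone.utc)   # constructed sample values
FORM = make_upload_form("EXAMPLE-SECRET", "AKIAEXAMPLE", "example-artifacts", 42, NOW)
```

The secret key stays on the server; changing any condition in the policy invalidates the signature, so a build cannot widen its own prefix, size limit or expiry.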
