That is not the problem you think it is. Bitcoin mining is the current issue. And through Jenkinsfile or Process.exec you can bypass JVM permissions.

On Sun 6 Jan 2019 at 16:44, Tibor Digana <[email protected]> wrote:

> Regarding "pull/1234/head" refs and the security, I think allowing only the
> permission to Maven Central IP address is needed and nowhere else.
> This can be accomplished by the java policy in JRE.
> WDYT?
>
> On Sun, Jan 6, 2019 at 11:09 AM Hervé BOUTEMY <[email protected]> wrote:
>
> > I didn't know about these special "pull/1234/head" refs, that are not real
> > branches: if these pseudo-branches were synchronized to Gitbox like any
> > branch, the Gitpubsub mechanism could happen at Apache
> > of course, the security implications of running code from these PR branches
> > would still have to be managed...
> >
> > notice: there is a discussion on this on builds@apache [1]
> >
> > Regards,
> >
> > Hervé
> >
> > [1] https://lists.apache.org/[email protected]
> >
> > On Saturday, 5 January 2019, 12:34:24 CET Enrico Olivelli wrote:
> > > Hi Stephen,
> > > I am not a Jenkins expert, but I want to share this idea, maybe it can help.
> > > Can we use GitHub webhooks in order to trigger the creation of a Job inside
> > > Maven-Box?
> > > This way we don't have to continuously use Github API.
> > > When a user creates/updates a PR we can import the PR and create the
> > > Job, having as repository not gitbox.apache.org but github.com
> > >
> > > In github you have these special refs "pull/1234/head" which point to
> > > the branch on remote fork
> > >
> > > just an idea
> > >
> > > Enrico
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [email protected]
> > > For additional commands, e-mail: [email protected]

--
Sent from my phone
