@Stephen Connolly <[email protected]> I meant Bitcoins. Without network access bitcoins can be loaded but nobody can use them. An access to Workspace and archived artifacts should be disabled for users.
On Sun, Jan 6, 2019 at 5:51 PM Stephen Connolly < [email protected]> wrote: > That is not the problem you think it is. Bitcoin mining is the current > issue. And through Jenkinsfile or Process.exec you can bypass JVM > permissions > > On Sun 6 Jan 2019 at 16:44, Tibor Digana <[email protected]> wrote: > > > Regarding "pull/1234/head" refs and the security, I think allowing only > the > > permission to Maven Central IP address is needed and nowhere else. > > This can be accomplished by the java policy in JRE. > > WDYT? > > > > On Sun, Jan 6, 2019 at 11:09 AM Hervé BOUTEMY <[email protected]> > > wrote: > > > > > I didn't know about these special "pull/1234/head" refs, that are not > > real > > > branches: if these pseudo-branches were synchronized to Gitbox like any > > > branch, the Gitpubsub mechanism could happen at Apache > > > of course, the security implications of running code from these PR > > > branches > > > would still have to be managed... > > > > > > notice: there is a discussion on this on builds@apache [1] > > > > > > Regards, > > > > > > Hervé > > > > > > [1] https://lists.apache.org/[email protected] > > > > > > Le samedi 5 janvier 2019, 12:34:24 CET Enrico Olivelli a écrit : > > > > Hi Stephen, > > > > I am not a Jenkins expert, but I want to share this idea, maybe it > can > > > help. > > > > Can we use GitHub webhooks in order to trigger the creation of a Job > > > inside > > > > Maven-Box ? > > > > This way we don't have to continuously use Github API. > > > > When an user creates/updates a PR we can import the PR and create the > > > > Job, having as repository not gitbox.apache.org but github.com > > > > > > > > In github you have this special refs "pull/1234/head" which points to > > > > the branch on remote fork > > > > > > > > just an idea > > > > > > > > Enrico > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [email protected] > > > > For additional commands, e-mail: [email protected] > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] > > > For additional commands, e-mail: [email protected] > > > > > > > > > -- > Sent from my phone >
