Opened at 2008-03-13T18:58:55Z
Closed at 2010-09-02T04:36:26Z
#349 closed defect (wontfix)
Find a middle ground on access to the Build button
Reported by: | zandr | Owned by: | zandr |
---|---|---|---|
Priority: | minor | Milestone: | undecided |
Component: | dev-infrastructure | Version: | 0.8.0 |
Keywords: | buildbot | Cc: | zooko |
Launchpad Bug: |
Description
It's come to my attention that there are builders for some projects (pycryptopp) that have publically accessible build buttons.
This is less than desirable, because it allows DoS attacks on the slaves. On the other hand, we'd like people who are contributing slaves to be able to test them.
Short term solution: Wrap the build buttons in http basic auth with the buildslave passwords added to the htpasswd file.
Long term solution: Convince the buildbot maintainer of the merits of http://buildbot.net/trac/ticket/200
Change History (4)
comment:2 Changed at 2008-06-01T20:47:10Z by warner
- Milestone changed from eventually to undecided
comment:3 Changed at 2010-06-12T22:17:45Z by davidsarah
- Keywords buildbot added
comment:4 Changed at 2010-09-02T04:36:26Z by zooko
- Resolution set to wontfix
- Status changed from new to closed
For now I'm happy letting anyone in the world poke our "force build" buttons. We've been doing it for years and nobody has abused it yet. When they do someone will reopen this ticket...