[squeak-dev] [CI] Security

Frank Shearar frank.shearar at gmail.com
Fri Jun 24 12:17:56 UTC 2011


On 23 June 2011 23:19, Casey Ransberger <casey.obrien.r at gmail.com> wrote:
> A friend of a friend passed along a valid concern today: Hudson/Jenkins can run arbitrary shell commands.
>
> People all over the place are running public Hudson servers, so I don't think this is necessarily of *great* concern, I mean we can probably just run it in a chroot jail and call it golden.
>
> That said, while I've set up several different CI solutions for internal use by software teams, it was always behind a corporate firewall. This will be my first world-facing adventure with continuous integration.
>
> I think this is worth talking about. Does anyone here have any experience to share that we can potentially learn from?

I suppose we have to ask what we want out of the CI - do we want
pretty web pages with red and blue icons? Would a simple mail on a
breaking build be sufficient for our needs? (Or a mail for a
successful one: noisier, but allows one to distinguish between a
working build and a dead CI server.)

If that's all that's needed, then I suspect one could do something
like run the Hudson installation on a local port, and have people use
ssh forwarding: ssh -L 8000:foo.bar.com:9090 me@foo.bar.com and then
you can go to http://localhost:8000/.

Not undoably bad for the CI admin. If we want to serve up "this is how
things are going" on a web page, I _guess_ we could do that with
Apache RewriteRule-fu. Anyone clued up on that?

frank
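The loopback-plus-ssh-forward setup Frank sketches, as an added example that is not part of the original thread and not Squeak project code. It assumes the placeholder names from the message (foo.bar.com, user "me", server port 9090, local port 8000) and the real Winstone start-up flags `--httpListenAddress`/`--httpPort` that Hudson and Jenkins accept; the listener tables fed to the check are constructed, not captured from any host. One caveat the thread's command does not spell out: once the CI listener is bound to 127.0.0.1, the forward has to target `localhost` as resolved on the server, not the public hostname, or the tunnel will connect to an address nothing is listening on.

```shell
#!/bin/sh
# Added example, not from the squeak-dev thread. Keeps Hudson/Jenkins off the
# public interface and reaches it through an ssh local port forward, then
# audits a listener table to confirm nothing but loopback holds the CI port.
# CI_HOST/CI_USER/CI_PORT/LOCAL_PORT are placeholders taken from the message.

CI_HOST="${CI_HOST:-foo.bar.com}"
CI_USER="${CI_USER:-me}"
CI_PORT="${CI_PORT:-9090}"       # port the CI server listens on (loopback only)
LOCAL_PORT="${LOCAL_PORT:-8000}" # port on the admin's workstation

# Start command binding the HTTP listener to 127.0.0.1, so the only way in is
# from the box itself or through the ssh forward below.
hudson_start_cmd() {
    printf 'java -jar hudson.war --httpListenAddress=127.0.0.1 --httpPort=%s\n' "$CI_PORT"
}

# Local forward: workstation:LOCAL_PORT -> server's loopback:CI_PORT.
# The target is "localhost" as seen from the server, not the public hostname.
# -N opens no remote shell, only the tunnel.
ssh_tunnel_cmd() {
    printf 'ssh -N -L %s:localhost:%s %s@%s\n' "$LOCAL_PORT" "$CI_PORT" "$CI_USER" "$CI_HOST"
}

# Audit a listener table (stdin, in `ss -ltn` or `netstat -ltn` layout, local
# address in field 4) for port $1. Prints one verdict line and exits:
#   0 "loopback-only"        every listener on the port is 127.0.0.1 or ::1
#   1 "exposed: <addr...>"   at least one listener is on a non-loopback address
#   2 "not-listening"        nothing listens on the port at all
check_ci_loopback_only() {
    awk -v port="$1" '
        $4 ~ (":" port "$") {
            seen = 1
            addr = $4
            sub((":" port "$"), "", addr)          # strip the :port suffix
            if (addr != "127.0.0.1" && addr != "[::1]" && addr != "::1")
                exposed = exposed (exposed ? " " : "") $4
        }
        END {
            if (!seen)   { print "not-listening"; exit 2 }
            if (exposed) { print "exposed: " exposed; exit 1 }
            print "loopback-only"
        }
    '
}

# Convenience wrapper: audit_sample PORT TABLE_TEXT
audit_sample() {
    printf '%s\n' "$2" | check_ci_loopback_only "$1"
}

# Constructed sample tables in `ss -ltn` layout (not real captures).
SAMPLE_SAFE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:9090      *:*
LISTEN 0      128    [::1]:9090          [::]:*
LISTEN 0      128    *:22                *:*'

SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:9090        *:*
LISTEN 0      128    *:22                *:*'

# Stand-alone run: show the two commands and the verdict for each table.
echo "start CI with:   $(hudson_start_cmd)"
echo "reach it with:   $(ssh_tunnel_cmd)"
echo "safe table:      $(audit_sample "$CI_PORT" "$SAMPLE_SAFE")"
echo "exposed table:   $(audit_sample "$CI_PORT" "$SAMPLE_EXPOSED")"
# On the CI host itself the same check runs against the live table:
#   ss -ltn | check_ci_loopback_only "$CI_PORT"
```

The audit is deliberately a pure text filter over the listener table so it can sit in a cron job or a post-deploy hook on the CI host and page the admin if someone later restarts the server without the listen-address flag.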
