[squeak-dev] Re: [CI] Security
Yanni Chiu
yanni at rogers.com
Fri Jun 24 18:41:49 UTC 2011
On 23/06/11 6:19 PM, Casey Ransberger wrote:
> A friend of a friend passed along a valid concern today: Hudson/Jenkins can run arbitrary shell commands.
Yes, the configuration of a Hudson/Jenkins job allows shell commands.
But, changing the job configuration normally requires a user login. To
monitor build status and download build artifacts from the server, does
NOT require any login.
More information about the Squeak-dev
mailing list
|