[Buildbot-devel] Build step confirmation on slaves, was Re: Some questions
Dustin J. Mitchell
dustin at zmanda.com
Fri Jun 20 13:29:21 UTC 2008
On Fri, Jun 20, 2008 at 5:58 AM, Dennis Schridde <devurandom at gmx.net> wrote:
> I assume this is probably a feature request:
> Is it possible for buildslave admins to verify the commands their slaves will
> be running?
The problem is, even if the command is just "make", someone who owns
the buildmaster can still take over the buildslaves by just providing
a different Makefile. And obviously the source is going to change
from build to build, so there's no way to checksum and verify that.
I think that buildbot itself is insecure just by the nature of what it
does. You should protect the buildmaster, and ensure that the user
running buildslave on the slaves is well-locked-down.
Dustin
--
Storage Software Engineer
http://www.zmanda.com
More information about the devel
mailing list