[Buildbot-devel] Using buildbot across sites

Joseph Carrafa jcarrafa at highergear.com
Wed May 7 13:20:29 UTC 2008


You can run the status server over Apache using mod_proxy, this will  
give you access to the various authentication methods that Apache  
provides.  As far as security with the actual operation of buildbot,  
the main security hole I know of is the PBChangeSource, which has a  
hardcoded username and password for the PB services.

I would just set up a VPN and call it a day.

On May 7, 2008, at 9:08 AM, Jens Thomas wrote:

> Hello,
>
> I hope it's o.k. to ask a question about using buildbot across  
> different
> sites.
>
> I'd like to set up a build and testing farm between a number of
> different institutions. The groups involved would like to  
> collaborate on
> this because, by doing this, we can test our codes on a far wider  
> range
> of machines than if each group ran their own setup.
>
> However, doing this means that the buildbot server instance needs  
> to be
> accessible to the outside world. This shouldn't be too difficult, as I
> can just punch a hole in our firewall to allow the clients to contact
> the server, but I just wondered if anyone that knows more about the
> buildbot architecture could comment on the security implications of  
> this?
>
> Are the transactions between the server and client encrypted in any  
> way,
> or would it be possible for someone to monitor the packets between
> machines and maybe learn how to hijack either the client or server?
>
> Another question is to do with the html status page. Ideally I'd like
> this to visible externally so that our collaborators can see what's
> happening, but I obviously don't want everyone to have access to this.
> Is it possible to run the status server using authentication over SSL?
>
> Any comments/suggestions would be greatly appreciated!
>
> Best wishes,
>
> Jens
>
> ---------------------------------------------------------------------- 
> ---
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> Don't miss this year's exciting event. There's still time to save  
> $100.
> Use priority code J8TL2D2.
> http://ad.doubleclick.net/clk;198757673;13503038;p?http:// 
> java.sun.com/javaone
> _______________________________________________
> Buildbot-devel mailing list
> Buildbot-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/buildbot-devel





More information about the devel mailing list