[Buildbot-devel] How safe is buildbot outside your intranet?

Dustin J. Mitchell dustin at v.igoro.us
Tue Jun 25 15:38:56 UTC 2013


On Tue, Jun 25, 2013 at 11:11 AM, Fabrizio Buratta
<fabrizio at moldiscovery.com> wrote:
> I'm wandering what happens if master and slaves are outside your intranet
> and a "Man In the middle" tries to read master->slave communications , could
> that be dangerous ?  is buildbot designed to work outside an intranet ?

It depends what your slaves are doing, but yes, it'd be fairly trivial
for someone with network access to the middle to impersonate either
the slave (to intercept secrets from the master) or the master (to
make the slave do their bidding).

In many cases, that doesn't really matter - if the slaves just run
tests, and are not in a sensitive network, there's no real risk.

Dustin




More information about the devel mailing list