[guardian-dev] [Guardian-internal] Proposal: Public Jenkins

Hans of Guardian hans at guardianproject.info
Fri Apr 12 14:56:58 EDT 2013


On Apr 12, 2013, at 2:51 PM, David Oliver wrote:

> 1. can we run the public one in the cloud somewhere instead of buying another short-useful-lifetime box to decorate our office?

No one is talking about more hardware.  Abel wants to put it on the same host as dev.guardianproject.info, where redmine is installed.  It seems a natural place for it.

> 2. Jenkins builds our source code. We are open-source, so we have nothing to hide.  As Abel suggests, we only want certain people to edit (for which he has a solution).  Thus, why do we need a "full-paranoid" build server at all?

To ensure that only we can edit.  Jenkins is not the most secure piece of software...

.hc

> 
> 
> 
> David M. Oliver | oliver.david.m at gmail.com | http://davidmoliver.com | http://dmo.tel | @davidmoliver | +1 970 368 2366
> 
> 
> On Fri, Apr 12, 2013 at 1:35 PM, Abel Luck <abel at guardianproject.info> wrote:
> Heya,
> 
> So our desire to be full paranoid wrt the build server is of course
> justified, but conflicts up against our desire to be transparent in
> our processes as well.
> 
> None of the info in Jenkins is confidential, it's just sensitive, we
> only want approved peeps to be able to edit it.
> 
> There's no reason the info couldn't be exposed to the world read-only.
> 
> Of course we don't want to expose the secure Jenkins publicly as that is
> a huge attack surface.
> 
> However, there is a plugin called Build Publisher Plugin
> 
>  "This plugin allows records from one Jenkins to be published on another
> Jenkins. The typical use case is for you to run builds within the
> firewall, then send the results to another Jenkins which is facing the
> outside world. "
> 
> Proposal:
> We run a public jenkins instance on the dev.gp.i box, that slurps up
> data from the private secure jenkins.
> 
> We could then also integrate jenkins with redmine [2], which will make
> dev.guardianproject.info the foci of our development effors.
> 
> Thoughts?
> 
> ~abel
> 
> 
> [1]: https://wiki.jenkins-ci.org/display/JENKINS/Build+Publisher+Plugin
> [2]: http://www.r-labs.org/projects/r-labs/wiki/Hudson_En
> _______________________________________________
> Guardian-internal mailing list
> 
> Post: Guardian-internal at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-internal
> 
> To Unsubscribe
>         Send email to:  Guardian-internal-unsubscribe at lists.mayfirst.org
>         Or visit: %(user_optionsurl)s
> 
> You are subscribed as: %(user_address)s
> 
> _______________________________________________
> Guardian-dev mailing list
> 
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> 
> To Unsubscribe
>        Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>        Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
> 
> You are subscribed as: hans at guardianproject.info

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20130412/fb032a63/attachment-0001.html>


More information about the Guardian-dev mailing list