"Martin v. Löwis"
martin at v.loewis.de
Tue Jan 10 09:15:56 CET 2006
Brian Warner wrote:
> This makes it much easier to implement things like the "Force Build"
> button, and allows the same status-retrieving API to be used by all
> the different status-delivery modules: web, IRC, email, PB.
Certainly: I can easily believe that this is easier from a development
point of view.
I can also accept that this is the only way if you want to trigger
things through the Web (such as the Force Build interface). However,
this interface was the first thing I turned off, because there is
too much potential for abuse. The slaves are (in our case) donated
resources, sometimes in machines that also serve other purposes.
The donors need to know what precisely will run on their machines,
and when precisely that will happen, so "Force build" is disabled.
The reason I want static pages is for security concerns. It is not
easy whether buildbot can be trusted to have no security flaws,
which might allow people to start new processes on the master,
or (perhaps worse) on any of the slaves.
I know I could limit the Twisted webserver to localhost using
firewalling/iptables (and I will need to if there is no other
option); just having it generate static pages would have been
BTW, the same security concern applies to the IRC listener
and the slave listeners: how do I know that nobody can take
over my infrastructure using carefully-crafted messages?
I could study the entire protocol stack to convince myself,
but I would prefer if there was an easy answer, like:
this is the set of operations callable through twisted,
and these are the preconditions for calling them.
For the IRC, this is easy to see (just inspect all
command_ procedures), but what about the slaves port?
> It's not the greatest solution, but it might let you add more
> Builders without making the display unworkably complex.
Thanks! so far, we only have 8 lanes, which is still managable. If size
increases, I come back to these ideas.
More information about the Python-Dev