Le vendredi 4 janvier 2019, 22:06:30 CET Joan Touzet a écrit : > ----- Original Message ----- > > > From: "Allen Wittenauer" <[email protected]> > > > > This is the same model the ASF has used for JIRA for a decade+. > > > > It’s always been possible for anyone to submit anything to Jenkins > > > > and have it get executed. Limiting PRs or patch files in JIRAs to > > just committers is very anti-community. (This is why all this talk > > about using Jenkins for building artifacts I find very > > entertaining. The infrastructure just flat out isn’t built for it > > and absolutely requires disposable environments.) > > Then we build a new, additional Jenkins that is committer-only (or PMC- > only, perhaps, if it's for release purposes). This is a tractable > problem. > > We are stuck at an impasse where people need something to reduce the > manual workload, and we have an obsolete policy standing in its way. security is not an obsolete policy :) you really can't let anybody in the world submit code in PRs that will run on your infrastructure, unless you have managed a solution to limit risks of such execution: sorry, we don't have such a setup yet at Apache, we are still in a setup where we need the trust we have put into committers
> We must be the last organisation in the world where people are forced > to release software through a manual process. here, frustration makes you mix 2 completely different topics: release process and CI for PRs this discussion is about CI for PRs if you want to work on release process, let's start another thread: I missed the previous discussion, but now, I'm ready to work on it with everybody Regards, Hervé > > I don't see why this is something to be gleeful about. > > -Joan
