Branch: refs/heads/disable-public-pr
  Home:   https://github.com/jenkinsci/github-branch-source-plugin
  Commit: 746a2b31bd46eaa3594e4a3c044fc8a657a75725
      https://github.com/jenkinsci/github-branch-source-plugin/commit/746a2b31bd46eaa3594e4a3c044fc8a657a75725
  Author: Kohsuke Kawaguchi <k...@kohsuke.org>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMSource.java

  Log Message:
  -----------
  Disable PR builds for public repos

As things stand right now, PR builds for public repositories are unsafe,
due to the fact that anyone can submit a PR that modifies Jenkinsfile.

As far as I am concerned, this is a regression; it used to be that this
plugin did not automatically pick up PR builds.

There are various efforts in progress to address this in different ways,
and there are also other project recognizers that are considered that
can change the situation.

But until that happens, please disable this feature, for it's too easy
for people to "incorrectly" use this functionality with public
repositories and make their Jenkins instances vulnerable.

