Hi all,
A point raised in a permission update for a plugin in RPU is that we are
still granting users permission to Artifactory for deployment of a plugin
that they maintain even if the plugin is using CD.
https://github.com/jenkins-infra/repository-permissions-updater/pull/2265/files#r773914240
Is there any reason still to do this?
Backports for security would as far as I understand be deployed differently
(the security team sets up a special repository in Artifactory).
I also believe (and may be incorrect) that we should be able to do CD on
branches (however we may need to change <version>${revision}</version> to
be <version>xxx.${revision}</version> in order to get a branched version
number (in the cases where a plugin is not already using a prefix like for
libraries)).
Thus are we now in a place where if CD is enabled we can (and should)
remove user-level Artifactory access for plugins (that we maintain), or
even more broadly across all plugins to get some better security?
/James