canonical-ci-engineering team mailing list archive
Message #00061
Re: Migration of s-jenkins to new hardware
On Tue, Oct 8, 2013 at 4:22 AM, Vincent Ladeuil <v.ladeuil@xxxxxxx> wrote:
> >>>>> Sergio Schvezov <sergio.schvezov@xxxxxxxxxxxxx> writes:
>
> > On Mon, Oct 7, 2013 at 7:23 PM, Francis Ginther <
> > francis.ginther@xxxxxxxxxxxxx> wrote:
>
> >> Updating to the public URLs has been fixed. The "rebuild" link was
> >> intentionally left as is.
> >>
>
> > Can we revisit the need to obfuscate this IP?
>
> I don't think it's obfuscated, you need access to the VPN to reach it.
>
> But if it's used as part of a url to a job that *is* already published
> to jenkins.qa.ubuntu.com, it makes no sense to still point to the
> internal IP. It will take time to track all those occurrences in new
> runs and fix the old ones at the same time but I think everybody agrees
> it's the way to go.
>
The rebuild link points to the internal Jenkins instance, look at
urls_to_hide in [0].
> > As it is, it's cached everywhere on the web[1] just in case
> > obfuscating it brings in a sense of security.
>
> I don't think anyone feels it's secured by obscurity, it's as secured as
> the VPN access.
>
Exactly, the VPN gives us the security we need; I was referring to the
obfuscation above, so in the case of the rebuild button I would just use
the IP instead of s-jenkins[1].
Cheers
Sergio
[0] http://bazaar.launchpad.net/~private-ps-quality-team/jenkins-launchpad-plugin/trunk/view/head:/jlp/jenkinsutils.py#L361
[1] fun fact: s is legacy for when we had a staging jenkins.