canonical-ci-engineering team mailing list archive

Thread
Date

Re: Upstream Merger testing of Community Core Apps

To: Evan Dandrea <evan.dandrea@xxxxxxxxxxxxx>
From: Francis Ginther <francis.ginther@xxxxxxxxxxxxx>
Date: Mon, 4 Nov 2013 11:24:49 -0600
Cc: James Troup <james.troup@xxxxxxxxxxxxx>, canonical-ci-engineering <canonical-ci-engineering@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAOe9oG7Ox0jDzn3OikeKJ_yRN2A6SPWUXCqOKYDN3Q54YmiGKg@mail.gmail.com>

On Thu, Oct 31, 2013 at 5:15 PM, Evan Dandrea
<evan.dandrea@xxxxxxxxxxxxx> wrote:
> Out of my own curiosity, how confident of the security model are we in
> the current arrangement of using a Canonistack Upstream Merger for
> these?

We're relying on the jenkins juju charms to provide the security
between nodes and the outside world. There is no protection between
the nodes internally or restrictions on outbound connections. So a
malicious MP could take down the service or access external websites
uninhibited. There is no built-in connections to other internal
Canonical networks.

Francis
-- 
Francis Ginther
Canonical - Ubuntu Engineering - Continuous Integration Team

References

Upstream Merger testing of Community Core Apps
From: Francis Ginther, 2013-10-31
Re: Upstream Merger testing of Community Core Apps
From: Evan Dandrea, 2013-10-31