Gerrit +1 now executes the code you reviewed

Gerrit +1 now executes the code you reviewed

Jan Zerebecki
I just merged and deployed https://gerrit.wikimedia.org/r/#/c/184886/ ,
which means:
A +1 in gerrit.w.o didn't have any technical effect until now. Now it
submits the patch for testing. That means if you +1 a patch from a
non-whitelisted user that was not yet tested, it will then, just as if
recheck was issued. Thus executing the code that you reviewed to not
steal secrets or compromise security in other ways.

--
Regards,
Jan Zerebecki

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: Gerrit +1 now executes the code you reviewed

Chris Steipp
Just to clarify, this is a +1 from a user who has +2 rights? Whereas a +1
from some random user will not initiate the tests?

On Tue, Nov 17, 2015 at 10:20 AM, Jan Zerebecki <[hidden email]>
wrote:

> I just merged and deployed https://gerrit.wikimedia.org/r/#/c/184886/ ,
> which means:
> A +1 in gerrit.w.o didn't have any technical effect until now. Now it
> submits the patch for testing. That means if you +1 a patch from a
> non-whitelisted user that was not yet tested, it will then, just as if
> recheck was issued. Thus executing the code that you reviewed to not
> steal secrets or compromise security in other ways.
>
> --
> Regards,
> Jan Zerebecki

Re: Gerrit +1 now executes the code you reviewed

Jan Zerebecki
On 2015-11-17 19:30, Chris Steipp wrote:
> Just to clarify, this is a +1 from a user who has +2 rights? Whereas a +1
> from some random user will not initiate the tests?

No. The permission here is the CI white list in zuul, which is a
different one from gerrit +2. The permission and who has it didn't
change. (Before a user in that white list could comment recheck on a
repo where they didn't have +2 to get the same effect.)


--
Regards,
Jan Zerebecki


Re: Gerrit +1 now executes the code you reviewed

Antoine Musso-3
On 17/11/2015 19:20, Jan Zerebecki wrote:
> I just merged and deployed https://gerrit.wikimedia.org/r/#/c/184886/ ,
> which means:
> A +1 in gerrit.w.o didn't have any technical effect until now. Now it
> submits the patch for testing. That means if you +1 a patch from a
> non-whitelisted user that was not yet tested, it will then, just as if
> recheck was issued. Thus executing the code that you reviewed to not
> steal secrets or compromise security in other ways.

Wow, thanks Jan,

I remember we talked about that earlier this year. Will probably ease
the review work for non white listed people until we move all those jobs
to Nodepool.

--
Antoine "hashar" Musso

