Slave build ID should not be used for much at all
Bug #549907 reported by
William Grant
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
Low
|
William Grant |
Bug Description
The slave build ID is not trustworthy -- anybody can easily compromise a slave and make it return whatever build ID they want. But it's currently used in lots of buildd-manager logging, which is confusing and potentially unsafe.
Nothing should touch slave build IDs except dispatchBuildTo
Related branches
lp://staging/~wgrant/launchpad/bug-549907-stop-using-slave-build-id
- Michael Nelson (community): Approve (code)
- Jelmer Vernooij (community): Approve (code*)
-
Diff: 179 lines (+21/-22)5 files modifiedlib/lp/buildmaster/model/buildbase.py (+5/-4)
lib/lp/buildmaster/model/builder.py (+3/-3)
lib/lp/soyuz/doc/buildd-slavescanner.txt (+1/-7)
lib/lp/translations/model/translationtemplatesbuildbehavior.py (+11/-7)
lib/lp/translations/tests/test_translationtemplatesbuildbehavior.py (+1/-1)
Changed in soyuz: | |
status: | New → In Progress |
importance: | Undecided → Low |
assignee: | nobody → William Grant (wgrant) |
tags: |
added: qa-ok removed: qa-needstesting |
Changed in soyuz: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Fixed in stable r10654 <http:// bazaar. launchpad. net/~launchpad- pqm/launchpad/ stable/ revision/ 10654>