3:24 p.m.
Greetings,
With recent Jenkins security advisory today, I realized we just imported the
current secrets from jenkins into zuulv3. I'd like to propose, just to be extra
safe, we preform a re-key of everything that uses secrets.
I'm not sure if this has every been done with jenkins, but we should also
consider some policy to re-key everything ever x months too.
Thoughts?
2:21 a.m.
On 18/07/18 22:24, Paul Belanger wrote:
Greetings,
With recent Jenkins security advisory today, I realized we just imported the
current secrets from jenkins into zuulv3. I'd like to propose, just to be extra
safe, we preform a re-key of everything that uses secrets.
I'm not sure if this has every been done with jenkins, but we should also
consider some policy to re-key everything ever x months too.
Thoughts?
_______________________________________________
dev mailing list
dev(a)lists.rdoproject.org
http://lists.rdoproject.org/mailman/listinfo/dev
To unsubscribe: dev-unsubscribe(a)lists.rdoproject.org
The current CBS credentials for RDO have never been into Jenkins.
Regards,
H.
10:35 a.m.
On Thu, Jul 19, 2018 at 09:21:11AM +0200, Haïkel Guémar wrote:
On 18/07/18 22:24, Paul Belanger wrote:
> Greetings,
>
> With recent Jenkins security advisory today, I realized we just imported the
> current secrets from jenkins into zuulv3. I'd like to propose, just to be
extra
> safe, we preform a re-key of everything that uses secrets.
>
> I'm not sure if this has every been done with jenkins, but we should also
> consider some policy to re-key everything ever x months too.
>
> Thoughts?
> _______________________________________________
> dev mailing list
> dev(a)lists.rdoproject.org
> http://lists.rdoproject.org/mailman/listinfo/dev
>
> To unsubscribe: dev-unsubscribe(a)lists.rdoproject.org
>
The current CBS credentials for RDO have never been into Jenkins.
Thanks, the SSH key for images.r.o is also safe, we've rotated that. What
about
about things needed for weirdo and other secrets? Who would know more about
them.
- Paul
11:19 a.m.
On Thu, Jul 19, 2018 at 5:35 PM, Paul Belanger <pabelanger(a)redhat.com>
wrote:
On Thu, Jul 19, 2018 at 09:21:11AM +0200, Haïkel Guémar wrote:
> On 18/07/18 22:24, Paul Belanger wrote:
> > Greetings,
> >
> > With recent Jenkins security advisory today, I realized we just
imported the
> > current secrets from jenkins into zuulv3. I'd like to propose, just
to be extra
> > safe, we preform a re-key of everything that uses secrets.
> >
> > I'm not sure if this has every been done with jenkins, but we should
also
> > consider some policy to re-key everything ever x months too.
> >
> > Thoughts?
> > _______________________________________________
> > dev mailing list
> > dev(a)lists.rdoproject.org
> > http://lists.rdoproject.org/mailman/listinfo/dev
> >
> > To unsubscribe: dev-unsubscribe(a)lists.rdoproject.org
> >
>
> The current CBS credentials for RDO have never been into Jenkins.
>
Thanks, the SSH key for images.r.o is also safe, we've rotated that. What
about
about things needed for weirdo and other secrets? Who would know more
about
them.
I can help on that. That secret is an api token that can only be used to
trigger builds of some specific jobs in ci.centos.org.
- Paul
_______________________________________________
dev mailing list
dev(a)lists.rdoproject.org
http://lists.rdoproject.org/mailman/listinfo/dev
To unsubscribe: dev-unsubscribe(a)lists.rdoproject.org
2320
days inactive
2321
days old
3 comments
3 participants
participants (3)
-
Alfredo Moralejo Alonso -
Haïkel Guémar -
Paul Belanger