Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-25871

Default "Ignore externals" checkbox to unchecked

XMLWordPrintable

      When selecting Subversion under "Source Code Management" in a job config, the "Ignore externals" checkbox is checked by default. It would seem more likely that the user would prefer to pull down externals when using Subversion.

          [JENKINS-25871] Default "Ignore externals" checkbox to unchecked

          Daniel Beck added a comment -

          By design for security reasons, see wiki at https://wiki.jenkins-ci.org/display/JENKINS/Subversion+Plugin

          Change default of ignoreExternalsOption to true. Add help text explaining some of the security risks involved in checking out externals (namely that they can be a route to hijacking credentials that in most cases have full read access to the entire repository and not just the limited subset of the repository that an individual committer's credentials may have read access to. The recommended way to handle externals is to add those as additional modules directly. Thus ensuring that even if a committers machine is hacked or otherwise compromised, their credentials cannot be used to commit a modified build script and svn:external definition that allows the entire contents of the Subversion repository to be zipped up and FTP'd to a remote server)

          Since this issue does not argue against the reasons specified there, resolving as Won't Fix. Address those and it would make sense to reopen.

          Daniel Beck added a comment - By design for security reasons, see wiki at https://wiki.jenkins-ci.org/display/JENKINS/Subversion+Plugin Change default of ignoreExternalsOption to true. Add help text explaining some of the security risks involved in checking out externals (namely that they can be a route to hijacking credentials that in most cases have full read access to the entire repository and not just the limited subset of the repository that an individual committer's credentials may have read access to. The recommended way to handle externals is to add those as additional modules directly. Thus ensuring that even if a committers machine is hacked or otherwise compromised, their credentials cannot be used to commit a modified build script and svn:external definition that allows the entire contents of the Subversion repository to be zipped up and FTP'd to a remote server) Since this issue does not argue against the reasons specified there, resolving as Won't Fix. Address those and it would make sense to reopen.

            Unassigned Unassigned
            bduffy Brent Duffy
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: