[Jenkins-infra] Fw: New jenkins mirror in China

R. Tyler Croy tyler at monkeypox.org
Mon Apr 14 23:49:02 UTC 2014


On 04/10/2014 17:33, Kohsuke Kawaguchi wrote:
>
> We sign packages, war files, and update center metadata. But we don't
> sign plugins. If a nation state is the perceived adversary, they can
> tamper with plugins as they are sent over the network, so I don't think
> accepting a mirror is increasing the overall risk.
>
> Your point about protecting our users from tampered binaries is valid 
> across the board though. I'll add the checksums of plugins to the 
> update center metadata to fix this.


I've gone ahead and enabled the mirror. I don't have access to Chinese
machines to verify whether downloads are being redirected properly yet,
though.

I'll keep an eye on the access logs on cucumber to see if anything comes 
across.





>
> On 04/10/2014 09:26 AM, R. Tyler Croy wrote:
>> I'd like to ask for some guidance from others on this list about
>> accepting a mirror inside of China in the default Jenkins mirror
>> network.
>>
>> I don't want to intersect politics too much with Jenkins, but I want to
>> make sure we're very confident in our signing and ability to protect
>> users from tampered binaries.
>>
>> Thoughts?
>>
>>
>> Begin forwarded message:
>>
>> Date: Thu, 10 Apr 2014 22:05:58 +0800
>> From: Ling Li <lilingv at gmail.com>
>> To: tyler at linux.com
>> Subject: New jenkins mirror in China
>>
>>
>> Hi,
>>
>> I have created a Jenkins mirror in China; the URL is
>>
>> http://mirror.bit.edu.cn/jenkins/
>>
>> We have 1Gbps bandwidth and usually 150M~300M are used.
>>
>> We rsync files from ftp.osuosl.org two times every day.
>>
>> Could you add it to the mirror information of Jenkins?
>>
>> Cheers.
>>
>>
>> Ling Li
>> Beijing Institute of Technology
>>
>
>
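
Added example, not part of the original thread and not Jenkins project code: the fix discussed above, where plugin checksums carried in the signed update center metadata let a client authenticate a file fetched from any mirror. The metadata layout, its field names and `verify_download` are hypothetical, and the metadata's signature is assumed to have been verified beforehand.

```python
import hashlib
import hmac
import io
import json

# Constructed sample metadata. The layout and field names are assumptions for
# this example, not the real update center format. Its signature is assumed to
# have been verified already, so the digests inside it are trusted.
PLUGIN_BYTES = b"constructed plugin archive contents"
METADATA = json.dumps({
    "plugins": {
        "example-plugin": {
            "size": len(PLUGIN_BYTES),
            "sha256": hashlib.sha256(PLUGIN_BYTES).hexdigest(),
        },
        "no-digest-plugin": {"size": 10},
    }
})


def verify_download(metadata_json, name, stream, chunk_size=65536):
    """Return (ok, reason) for a plugin fetched from an untrusted mirror."""
    entry = json.loads(metadata_json).get("plugins", {}).get(name)
    if entry is None:
        return False, "plugin not listed in metadata"
    expected = entry.get("sha256")
    if not expected:
        # Fail closed: an entry without a digest cannot be authenticated.
        return False, "no checksum in metadata"
    digest = hashlib.sha256()
    total = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        total += len(chunk)
        if total > entry["size"]:
            # Stop early instead of hashing an oversized response.
            return False, "larger than declared size"
        digest.update(chunk)
    if total != entry["size"]:
        return False, "size mismatch"
    if not hmac.compare_digest(digest.hexdigest(), expected.lower()):
        return False, "checksum mismatch"
    return True, "ok"
```

The mirror only ever supplies `stream`; the expected size and digest come from the signed metadata, so a copy altered on the mirror or in transit is rejected.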
