Stewart X Addison
Stewart X Addison
This machine appears to have some large workspaces in some of the containers - we should look at these and see if there was an obvious reason why they are...
Identify the criteria for accepting script approvals: https://ci.adoptium.net/manage/scriptApproval/
Part of [SSDF phase 3](https://github.com/adoptium/adoptium/issues/120#issuecomment-1443690953) PO 5.2 We installed the [job restrictions plugin](https://plugins.jenkins.io/job-restrictions/) [last year](https://github.com/adoptium/infrastructure/issues/2961). This issue will cover testing it out and seeing if we can prevent jobs run...
Noting that https://ci.adoptium.net/job/build-scripts/job/jobs/job/jdk17u/job/jdk17u-alpine-linux-x64-temurin/393/ and the equivalent on other versions appears to insist on running on one of the equinix dockerhosts at the moment as it's looking for `build&&alpine-linux&&x64&&dockerBuild` - we'll...
Spin off from https://github.com/adoptium/infrastructure/issues/2108 On the jenkins server there is quite a mix of policies in place regarding how long jobs are retained for, and how long the artefacts are...
This is part of [SSDF](https://github.com/adoptium/adoptium/issues/120#issuecomment-1443690953) PO 5.1 and has been flagged elsewhere. We should have a process for distributing ssh keys wherever they are used to avoid having to bypass...
Noted during the Jenkins update - we have a lot of `Signatures already approved which may have introduced a security vulnerability (recommend clearing):` messages in the jenkins script approval page....
We do not currently run the external test suites on platforms other than Linux/x64. With our capacity likely to be reduced on that platform as a result of https://github.com/adoptium/infrastructure/issues/3292 we...
Raised by a user on the eclipse security list. We are currently using SHA-1 checksums in places such as https://packages.adoptium.net/ui/api/v1/download/contentBrowsing/rpm/rocky/8/ppc64le/repodata/repomd.xml?isNativeBrowsing=true but as per [this Red Hat article](https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9) it is not...
As part of testing https://github.com/adoptium/installer/pull/793 I was trying to build the images using `podman` instead of docker. While the core is hard coded to invoke `docker` if I create a...