| Building every change that is pushed to Gerrit is potentially dangerous on publicly accessible Gerrit servers, since users may add malicious code that might be executed during the build job. As an example, the Kubernetes project solves this issue by requiring a label in each pull request that will be validated. This label can only be set by trusted contributors of the project. A similar setup would also be useful to have for changes in Gerrit. A way to do this would be to decide on the change's author and/or his/her group in Gerrit whether to trigger a build. A build of a change of a non-whitelisted user could be then triggered by a label set in Gerrit by a project maintainer. This functionality should be part of this plugin and would be useful for a lot of projects. |
