Closed Bug 1207939 Opened 9 years ago Closed 9 years ago

Try syntax should include an option to hide the try push from the normal lists

Categories

(Release Engineering :: General, defect)

Product:
Release Engineering
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1136954

People

(Reporter: jesup, Unassigned)

Details

The idea here is to provide a way to 'hide' try pushes so you'd need to know the original TreeHerder URL (like https://treeherder.mozilla.org/#/jobs?repo=try&revision=2b9c0d33bc50) to see such a push.  I.e. https://treeherder.mozilla.org/#/jobs?repo=try or https://treeherder.mozilla.org/#/jobs?repo=try&author=.... etc would NOT show the try run. There is a vulnerability in the hash, but randomly hitting the hash is virtually impossible if we don't expose it anywhere.  Need to be careful about things like directory listings which might expose the hash.  As an alternative, we could also require a password or login to see them, but again we'd need to be careful about access to the directories directly.  (If the parent directories aren't browsable, then this is all much simpler.)

This would be of great help in dealing with certain classes of bugs/patches.  We may need ways (special powers?  Login if you have certain privs?) to monitor this for abuse.

Since Treeherder has the ability to filter on a number of factors, this seems like it would be easy, and FAR easier than a separate locked Try.
The try repository is public, so I'm not sure what locking down treeherder from displaying particular pushes would be good for, sadly.
Other services that would expose the jobs:
* hgweb (pushlog, standard changelog)
* try repo Hg protocol
* if buildbot job: builds-4hr, buildapi, FTP directories. 
* if taskcluster job: ?

Hiding the jobs from builds-4hr would break treeherder. builds-4hr cannot be made private since other tooling apart from treeherder relies on it.

Even if we adjusted all of the above, people could still scrape &pushID= pushlogjson pages - unless we removed support for pushID and only supported &revision= etc

As such, I think this is really a dupe of bug 1136954, which is dependant on us moving to buildbot-bridge (ie deprecating more of buildbot).

(The Treeherder component is Tree Management::Treeherder , Trychooser is Release Engineering::Tools)
Status: NEW → RESOLVED
Closed: 9 years ago
Component: General → Other
Product: Testing → Release Engineering
QA Contact: mshal
Resolution: --- → DUPLICATE
Thanks.  Worth asking, given I don't know the architecture, and abillings thought it might be worth checking.
It was worth a shot.
You need to log in before you can comment on or make changes to this bug.