dataimport/import-buildbot-data.py should talk to its sources over https

RESOLVED INCOMPLETE

Status

Tree Management Graveyard
TBPL
RESOLVED INCOMPLETE
7 years ago
3 years ago

People

(Reporter: philor, Unassigned)

Tracking

Dependency tree / graph

Details

(Reporter)

Description

7 years ago
We sort of assume that import-buildbot-data.py is talking to the real hg.mozilla.org and the real ftp.mozilla.org and the real build.mozilla.org, based on nothing more than our guess that it would be sort of hard to MITM it.

We should instead know that it is, because it got a valid cert for each of them when it connected to them over https.

hg.m.o and ftp.m.o are as easy as finding someone who knows how to ensure that they are really validating certs from within Python (not, the last time I looked at it, a particularly easy task, but that was pre-2.6). build.m.o will have to wait on bug 657359 shuffling things around to where it over https isn't looking for auth.
(Assignee)

Updated

4 years ago
Product: Webtools → Tree Management

Comment 1

3 years ago
TBPL has been EOLed (bug 1054977).
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → INCOMPLETE
(Assignee)

Updated

3 years ago
Product: Tree Management → Tree Management Graveyard
You need to log in before you can comment on or make changes to this bug.