Comment 1 for bug 1194992

Revision history for this message
Jeremy Stanley (fungi) wrote :

It's worth noting that plaintext HTTP will potentially leak your credentials for this. HTTPS with proper certificate validation or possibly Gerrit's SSH interface could provide a secure transport for this sort of feature enhancement. Since Zuul already needs to be able to connect to Gerrit's SSH interface to read the event stream, perhaps much of the needed key management logic is already in place for that?