Should CI broker publish run logs for private repositories?
Run logs can, even if inadvertently, leak information that should remain private. This is not ideal.
But the CI broker currently can’t stop the adapter from writing a run log somewhere. Maybe that should change?
Ah that’s an interesting topic!
I guess this is in relation to the JobCOB? How would the log be leaked if the repository is private? The traffic is encrypted because of the use of NOISE, and the COB cannot be replicated unless the repository is replicated. Is there another vector you’re thinking of? Or maybe the run log is something else and I’m off topic :)
Actually not related to job COBs, but to me thinking that it’d be nice if my CI node would build my journal and put it on a web server where it’s password protected. The adapter produces a run log that is public and the run log can leak information that I don’t want people to know about my journal. Starting with the RID.
I’m currently leaning towards setting up a second, private CI node that doesn’t publish any logs or CI broker report pages to anyone but me.
For myself, I’ve set up a second CI node to run CI for private repositories. I have not made up my mind about the general case. As I see it, we have options:
- allow_private_repositories that defaults to false; this would filter out private repositories
- Public filter to allow the node operator to have fine grained control over what private repositories CI runs for