diff options
| -rw-r--r-- | doc/ci/merge_request_pipelines/index.md | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/doc/ci/merge_request_pipelines/index.md b/doc/ci/merge_request_pipelines/index.md index 6697bf9480f..706e83abf44 100644 --- a/doc/ci/merge_request_pipelines/index.md +++ b/doc/ci/merge_request_pipelines/index.md @@ -75,10 +75,10 @@ because, technically, external contributors can disguise their pipeline results by tweaking their GitLab Runner in the forked project. There are multiple reasons about why GitLab doesn't allow those pipelines to be -created in the parent project, but one of the biggest reasons is security. +created in the parent project, but one of the biggest reasons is security concern. External users could steal secret variables from the parent project by modifying -.gitlab-ci.yml. +.gitlab-ci.yml, which could be some sort of credentials. This should not happen. -We're discussing a secure solution about how to run pipelines for merge requests +We're discussing a secure solution of running pipelines for merge requests that submitted from forked projects, see [the issue about the permission extension](https://gitlab.com/gitlab-org/gitlab-ce/issues/23902). |