Hello Larry,
 
1. We mainly have 2 kinds of situations:

a) Something like "uboot_ums_flash" which already in linaro lava tree. In the past, this can be overridden by job context. And I guess a lots of other variables which spread every corner of different jinja2 files. Huge I think, I really worried how lava can add so many keys in whitelist...
 
Why do you have to update uboot_ums_flash in the job definition and not in the device dictionary? This sounds more like a device specific information instead of a job definition one.
Anyway, having a long list of keys in the white list is not really a problem. This is only a python array, nothing more.


b) Something which just used in device jinja2 to control some different command in different situations. I know linaro accept upstreams for device-type, I have no idea if private lab's device jinja2 also useful for other people.

Contributions are welcome. A rule of thumb for device-type integration/templates is often: is the device available for purchase by someone outside your company?
If yes, then it's a good idea to upstream it. If not, then it's more a case-by-case decision.


2. Sounds you guys will not rollback this commit because security issue. So two suggestions:

Sorry no :(


a) I don't know how this security issue could impact for an internal lab which not exposed to external internet. Anyway, if possible to add a configure to any settings to let admin to decide if we care this security issue?

More details to come later on, but I don't think this is a good idea.

 
b) If a) not easy to do or not accept, if possible this whitelist be stored in database or other persist file, so user can free to add his own keyword to whitelist, then even we will upgrade lava to later new version, we can still remain the keyword setting in the past, meanwhile user still can free to add any keyword to whitelist without upstream again and again for this hard coded whitelist, I don't think this make sense.

I'm currently writing down a patch to allow admins to extend the white list with a variable in the settings.
 

Please consider. BTW, as Tim Jaacks said in other thread: this limit not happen in multinode job, is it a bug, so next release we will also have this backdoor closed?

I'm fixing this second issue in https://git.lavasoftware.org/lava/lava/merge_requests/547
Thanks for reporting it.


Rgds

--
Rémi Duraffort
LAVA Team, Linaro