Closed
Description
While we're beefing up the security of our Jenkins install, it occurred to me that we should probably run two Jenkins installs: one that does all the stuff that only needs the "public" nodes, and another that does the releases and needs the "publish" node, which has some secrets to protect. We could place that private Jenkins behind a VPN, rather than expose it directly to the internet.
This would protect us better from vulnerabilities in Jenkins (or our configuration of it).