[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PPAs for Debian


Roland Mas <lolando@debian.org> writes:
> Mike Hommey, 2011-05-04 07:57:47 +0200:
>> Add to that that allowing random people to upload packages to be built
>> on Debian build daemons is a recipe to have the buildds compromised.
>   My initial idea about how one would go about implementing them
> involved very strict isolation of the builds (either with LXC or a more
> heavy-handed virtualisation system).  Not going to be very efficient in
> the slow path, but the scope of a compromise would be a temporary
> environment that's going to be thrown away in a minute or so and never
> reused.

If anyone would have actually read the PPA proposal, they would know
that uploads were and are intended to be restricted to DDs and DMs
(which can break buildds anyway, if they want) and building should
happen in throw-away chroots (not for security, but "don't mess with my
system" reasons).


Attachment: pgpe1xYVQ00XF.pgp
Description: PGP signature

Reply to: