[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debiandoc-sgml and UTF-8,... how to get it instaled to gluck


On Mon, Jun 02, 2008 at 05:32:15PM +0200, W. Martin Borgert wrote:
> On Tue, Jun 03, 2008 at 12:04:54AM +0900, Osamu Aoki wrote:
> > We make document package based on sid.
> > We make document web presentation based on stable+bpo.
> >
> > What we need is chrooted sid system which build documentation. (Just
> > like autobuilder for porting)  Document build process can run under user
> > account in chroot which is safer.  Then locally rsync to web server
> > (stable) system for general access.
> I agree about the problem, but suggest another solution: Why not
> simply install the documentation package (.deb) on our
> webserver? (And maybe add some link/copy logic to get the
> location right.) Why have a separate documentation build anyway,
> if we package it? If installing unstable documentation packages
> is not acceptable on stable servers, we could at least use the
> unstable .deb archives and unpack in the right location.

Yes, this is certainly an option.  But Subversion build was much more
fine grained and accessible by all contributors.  

I see this subversion build system as autobuilder for all suversion

> On a side note: chroot is *not* a security feature!

I know chroot is no security barrier if process inside gains root.  (So
if there is root exploit within chroot such as kernel bug, there is no
secuty wall.)

But I thought as long as process inside is non-root process, we can
limit its access to general filesystem.  So it can be used as some
barrier.  At least, we can prevent buggy makefile to start putting file
in wrong places. Am I missing something?  I am curious.


Reply to: