-----Original Message-----
From: fedora-buildsys-list-bounces(a)redhat.com
[mailto:fedora-buildsys-list-bounces@redhat.com] On Behalf Of
Jesse Keating
Sent: Monday, June 26, 2006 3:10 PM
To: fedora-buildsys-list(a)redhat.com
Subject: RE: New version of mock working (I think)
On Mon, 2006-06-26 at 15:02 -0500, Michael_E_Brown(a)Dell.com wrote:
> For security implications, there is a push to make mock
'safe to run
> by
> semi- or non-trusted users'. The chroot option is not ever
going to be
> safe, from what I can tell, so we might have to make a two-level
> scheme, or a privleged config option for enabling/disabling this.
I'm not sure how that will effect us (Red Hat). The user
that calls our mock is always trusted I suppose, in our
locked down build environment.
> The 'mach' project has much greater ambitions on this
front, and might
> be a better choice for you.
I'm not sure if 'mach' was reviewed for use, or if we just
went straight to mock, since plague did.
One of the signs of project maturity and good leadership is knowing when
to say 'No', and not be afraid to point potential users to better
alternativest to solve their problem. At this point, your request is
right on the border, but I think we can accommodate so far. What I don't
want to run into, though, is the point where we use mock for things like
this:
http://thomas.apestaart.org/log/?p=360. That is what 'mach' is
for, and I don't care to try to compete.
--
Michael