Re: Docker requirement

Dne 16.9.2016 v 17:00 Pavel Raiskup napsal(a): You mean the commit 25c7d91bfdc895bb0d63f3b06fa1399b507fff14 ? Previous week we worked on Mock security issue. This is fixed now. However it raised the question: is it smart to run mock-scm, pyp2rpm, gem2spec... directly on copr-dist-git machine? It is run under non-privileged user, but still... I can think about some attack vectors. For obvious reasons I will not disclose them publicly. So we wanted to build SRPM in environment, which will be discarded after SRPM build and hard to escape. There are several ways how to implement it. But we chosen builds in Docker container. It will be used just for SRPM build. Nothing more. Is it problem for you? -- Miroslav Suchy, RHCA Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys