Dne 16.9.2016 v 17:00 Pavel Raiskup napsal(a):
Hi all,
this is probably proper place for such discussions -- I am curious what is the
plan with Docker stuff within Copr project.
Do you plan to make Fedora's copr hardly dependant on Docker images?
You mean the commit 25c7d91bfdc895bb0d63f3b06fa1399b507fff14 ?
Previous week we worked on Mock security issue. This is fixed now. However it raised the
question: is it smart to run
mock-scm, pyp2rpm, gem2spec... directly on copr-dist-git machine? It is run under
non-privileged user, but still...
I can think about some attack vectors. For obvious reasons I will not disclose them
publicly.
So we wanted to build SRPM in environment, which will be discarded after SRPM build and
hard to escape.
There are several ways how to implement it. But we chosen builds in Docker container. It
will be used just for SRPM
build. Nothing more. Is it problem for you?
--
Miroslav Suchy, RHCA
Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys