> I think I tackled this in another email. Synopsis: mach is defined
> as a secure build environment. If it breaks, we need to fix mach.
> The truly paranoid should do QA under a vserver, UML or even better
> on a dedicated machine.
>
ok, no it's not defined that way.

mach is a program to let you build packages in known-consistent build
roots - it is not secure - someone could have an evil package spec file
that can get out of the chroot and destroy you and your system (and your
little dog, too).

mach+djinni - is much more secure - but not mach by itself.
mach was never intended to be so.

I don't disagree that mach wasn't designed to be secure, but otoh, the
methodology it uses isn't by definition insecure, either.

Well it DOES still chroot. It's not supposed to be easy to break a
chroot. Do you have an example package that breaks it? What is djinni,
and why isn't it included in mach if it makes it secure enough for
casual use?

--erik