hosted reproducible package building with multiple developers?
Richard W.M. Jones
rjones at redhat.com
Wed Dec 8 21:00:51 UTC 2010
On Wed, Dec 08, 2010 at 01:50:22PM -0500, James Ralston wrote:
> Well, the ultimate protection would be to use this procedure for each
> build:
>
> 1. Instantiate VMs for all architectures specified by the build,
> via cloning "known good" build VMs.
>
> 2. Use koji to build on each VM.
>
> 3. Destroy each VM that was instantiated.
IIRC Seth is working on this.
To the original poster: even a VM isn't a completely robust way of
preventing root escalations. If the developers are all in your
"organization", how about using a cluestick-based method to prevent
them doing this?
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw
More information about the devel
mailing list