hosted reproducible package building with multiple developers?
Till Maas
opensource at till.name
Wed Dec 8 21:40:36 UTC 2010
On Wed, Dec 08, 2010 at 09:00:51PM +0000, Richard W.M. Jones wrote:
> To the original poster: even a VM isn't a completely robust way of
> preventing root escalations. If the developers are all in your
> "organization", how about using a cluestick-based method to prevent
> them doing this?
I guess giving someone a shell account in a VM is usually not less safe
than giving someone shell access on the host of the VM, as long as the
VM does not use kvm and does not run as root. Because even if the user
could break out of the VM, he still has only the same privileges as when
he got a shell access to the host directly.
Regards
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20101208/d63b8c9d/attachment.bin
More information about the devel
mailing list