hosted reproducible package building with multiple developers?
seth vidal
skvidal at fedoraproject.org
Wed Dec 8 21:50:11 UTC 2010
On Wed, 2010-12-08 at 22:40 +0100, Till Maas wrote:
> On Wed, Dec 08, 2010 at 09:00:51PM +0000, Richard W.M. Jones wrote:
>
> > To the original poster: even a VM isn't a completely robust way of
> > preventing root escalations. If the developers are all in your
> > "organization", how about using a cluestick-based method to prevent
> > them doing this?
>
> I guess giving someone a shell account in a VM is usually not less safe
> than giving someone shell access on the host of the VM, as long as the
> VM does not use kvm and does not run as root. Because even if the user
> could break out of the VM, he still has only the same privileges as when
> he got a shell access to the host directly.
>
the point is to make the vm's be entirely disposable.
So you make the vm
build the pkg in mock
suck the results off
destroy the vm
nothing to risk, then.
-sv
More information about the devel
mailing list