P2P Packaging/Koji Cloud
Przemek Klosowski
przemek.klosowski at nist.gov
Wed Dec 7 20:02:42 UTC 2011
On 12/07/2011 01:25 PM, seth vidal wrote:
> If I were going to use random vm's I'd want to:
> 1. connect using ssh
> 2. push over my own rpm/python/etc binaries
> 3. checksum all the rest of the installed (and running) software
> 4. verify those checksums versus my known good set
> 5. THEN push over the pkgs to be built
I'd say we need to be paranoid on this one and consider a tainted kernel
where your own binaries would report A-OK on a rigged gcc because kernel
has a special case for it. Test builds and QA might be OK, but nothing
that results in shipped bits.
More information about the devel
mailing list