P2P Packaging/Koji Cloud
seth vidal
skvidal at fedoraproject.org
Wed Dec 7 21:15:56 UTC 2011
On Wed, 07 Dec 2011 15:02:42 -0500
Przemek Klosowski <przemek.klosowski at nist.gov> wrote:
> On 12/07/2011 01:25 PM, seth vidal wrote:
>
> > If I were going to use random vm's I'd want to:
> > 1. connect using ssh
> > 2. push over my own rpm/python/etc binaries
> > 3. checksum all the rest of the installed (and running) software
> > 4. verify those checksums versus my known good set
> > 5. THEN push over the pkgs to be built
>
> I'd say we need to be paranoid on this one and consider a tainted
> kernel where your own binaries would report A-OK on a rigged gcc
> because kernel has a special case for it. Test builds and QA might be
> OK, but nothing that results in shipped bits.
So I have two thoughts on this:
1. scratch or personal chainbuilds could be built in ec2 or rax or
anywhere w/o an issue
2. for our shipping pkgs building them in the existing koji
buildsystems and/or in a dedicated private cloud instance makes sense -
if only for resource allocation and control.
-sv
More information about the devel
mailing list