COPR

Jan Zelený jzeleny at redhat.com
Mon Sep 2 07:00:34 UTC 2013


On 30. 8. 2013 at 16:01:42, Jay Greguske wrote:
> On 08/30/2013 05:39 AM, Miroslav Suchý wrote:
> > Hi,
> > I would like to get your feedback about COPR [1]
> > 
> > [1]
> > http://miroslav.suchy.cz/blog/archives/2013/08/29/what_is_copr/index.html
> > 
> > We are the beggining and there are two options of where we can go:
> > http://miroslav.suchy.cz/blog/archives/2013/08/29/copr_and_integration_wit
> > h_koji/index.html
> > 
> > http://miroslav.suchy.cz/blog/archives/2013/08/30/copr_implemented_using_o
> > bs/index.html
> > 
> > 
> > I would like to ask *you* what is your opinion?
> 
> Hi Miroslav,
> 
> I'd like to see some elaboration on why VMs instead of chroots would be
> required. I can draw my own conclusions (security) but I'd like to see
> them listed out first before continuing the discussion.

I'm not directly involved in the COPR project but from what I know, it's 
really about security. The thing is that only a selected group of people can 
build on koji, as the process of becoming a maintainer includes mechanisms to 
prevent any random developer to put code into Fedora.

The use case for COPR is a bit different. Think of it as a tool for anyone who 
wants to have a repo with packages that are built on Fedora infrastructure. 
There will be just a minimal set of requirements to become owner of such repo 
and therefore to gain access to COPR. VMs that come and go seem more 
appropriate to prevent potential attacker gaining permanent access to a part 
of the buildsystem - this way the attacker's potential access will be limited 
to a temporary VM.

HTH
Jan


More information about the devel mailing list