jzeleny at redhat.com
Mon Sep 2 07:00:34 UTC 2013
On 30. 8. 2013 at 16:01:42, Jay Greguske wrote:
> On 08/30/2013 05:39 AM, Miroslav Suchý wrote:
> > Hi,
> > I would like to get your feedback about COPR 
> > 
> > http://miroslav.suchy.cz/blog/archives/2013/08/29/what_is_copr/index.html
> > We are the beggining and there are two options of where we can go:
> > http://miroslav.suchy.cz/blog/archives/2013/08/29/copr_and_integration_wit
> > h_koji/index.html
> > http://miroslav.suchy.cz/blog/archives/2013/08/30/copr_implemented_using_o
> > bs/index.html
> > I would like to ask *you* what is your opinion?
> Hi Miroslav,
> I'd like to see some elaboration on why VMs instead of chroots would be
> required. I can draw my own conclusions (security) but I'd like to see
> them listed out first before continuing the discussion.
I'm not directly involved in the COPR project but from what I know, it's
really about security. The thing is that only a selected group of people can
build on koji, as the process of becoming a maintainer includes mechanisms to
prevent any random developer to put code into Fedora.
The use case for COPR is a bit different. Think of it as a tool for anyone who
wants to have a repo with packages that are built on Fedora infrastructure.
There will be just a minimal set of requirements to become owner of such repo
and therefore to gain access to COPR. VMs that come and go seem more
appropriate to prevent potential attacker gaining permanent access to a part
of the buildsystem - this way the attacker's potential access will be limited
to a temporary VM.
More information about the devel