On 05/23/12 07:06, Baptiste Daroussin wrote: > Should network access be restricted at any moment during the package > building, on automated build environment, if yes what phases are to be > expected to be restricted?
Wearing my Security Officer Emeritus hat: How about all of them? For automated package building I'd like to see distfiles fetched onto a dedicated distfile mirroring system and package builders fetching bits from there. One system to provide source distfiles, one system to accept built packages, and one system to control them all and in the cluster... *cough* never mind. -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscr...@freebsd.org"
