Hi Arno,

On Tue, Jul 26, 2011 at 10:34:50PM +0200, Arno Töll wrote:
> On 26.07.2011 22:25, Kilian Krause wrote:
> > I'm not entirely sure if we want to run get-orig-source targets to rebuild
> > ~dfsg tarballs and compare them.
>
> I don't think, you really want to consider to run /anything/ which has
> been supplied by a completely untrusted sponsoree. Being it a full or
> partial or just a get-orig-source target run. This is an immediate risk
> for the infrastructure, being it well protected or not for little benefit.

That was pretty much my point. I've currently no idea on how to secure the
setup enough so that we can safely sandbox the get-orig-source call
sufficiently to be terminated unconditionally after a timeout from the
outside and unable to speak to anything except some remote (web) servers and
a local disk cachedir where we'd pull a file from once completed.

I bet however it'd make an interesting SELinux challenge to put such thing
together. ;-)

That's nothing urgent and nothing that we should put efforts into now(TM).

-- 
Best regards,
Kilian