On Saturday, October 12, 2013 11:26:28 Thomas Goirand wrote: > On 10/12/2013 01:26 AM, Barry Warsaw wrote: > > On Oct 11, 2013, at 07:23 PM, Julian Taylor wrote: > >> It is better if one disables internet access of package builds > >> completely. > >> With pbuilder and iptables this is very easy, just run this when booting: > >> > >> iptables -I OUTPUT ! -d 127.0.0.1 -m owner --gid-owner 1234 -j REJECT > >> --reject-with icmp-port-unreachable ip6tables -I OUTPUT ! -d ::1 -m > >> owner --gid-owner 1234 -j REJECT --reject-with icmp6-port-unreachable > >> > >> (It works because pbuilder builds as user 1234, won't work for --login > >> sessions)> > > And if you don't use pbuilder? :) > > > > -Barry > > Well, if you don't, you should! :) > </troll>
IIRC Barry uses sbuild, so I think you missed his point. Scott K -- To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2344440.SL2RIH18Y6@scott-latitude-e6320
