On 10/12/2013 11:33 AM, Scott Kitterman wrote: > On Saturday, October 12, 2013 11:26:28 Thomas Goirand wrote: >> On 10/12/2013 01:26 AM, Barry Warsaw wrote: >>> On Oct 11, 2013, at 07:23 PM, Julian Taylor wrote: >>>> It is better if one disables internet access of package builds >>>> completely. >>>> With pbuilder and iptables this is very easy, just run this when booting: >>>> >>>> iptables -I OUTPUT ! -d 127.0.0.1 -m owner --gid-owner 1234 -j REJECT >>>> --reject-with icmp-port-unreachable ip6tables -I OUTPUT ! -d ::1 -m >>>> owner --gid-owner 1234 -j REJECT --reject-with icmp6-port-unreachable >>>> >>>> (It works because pbuilder builds as user 1234, won't work for --login >>>> sessions)> >>> And if you don't use pbuilder? :) >>> >>> -Barry >> >> Well, if you don't, you should! :) >> </troll> > > IIRC Barry uses sbuild, so I think you missed his point.
I was just trying to be funny, and wasn't following any point... :) Thomas -- To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/5258d814.7020...@debian.org
