On Oct 12, 2013, at 01:03 PM, Thomas Goirand wrote: >On 10/12/2013 11:33 AM, Scott Kitterman wrote: >> On Saturday, October 12, 2013 11:26:28 Thomas Goirand wrote: >>> On 10/12/2013 01:26 AM, Barry Warsaw wrote: >>>> On Oct 11, 2013, at 07:23 PM, Julian Taylor wrote: >>>>> It is better if one disables internet access of package builds >>>>> completely. >>>>> With pbuilder and iptables this is very easy, just run this when booting: >>>>> >>>>> iptables -I OUTPUT ! -d 127.0.0.1 -m owner --gid-owner 1234 -j REJECT >>>>> --reject-with icmp-port-unreachable ip6tables -I OUTPUT ! -d ::1 -m >>>>> owner --gid-owner 1234 -j REJECT --reject-with icmp6-port-unreachable >>>>> >>>>> (It works because pbuilder builds as user 1234, won't work for --login >>>>> sessions)> >>>> And if you don't use pbuilder? :) >>>> >>>> -Barry >>> >>> Well, if you don't, you should! :) >>> </troll> >> >> IIRC Barry uses sbuild, so I think you missed his point. > >I was just trying to be funny, and wasn't following any point... :)
What's the point of that? :) M-x doctor RET-ly y'rs, -Barry
signature.asc
Description: PGP signature