On 30. 8. 2013 at 16:01:42, Jay Greguske wrote: > On 08/30/2013 05:39 AM, Miroslav Suchý wrote: > > Hi, > > I would like to get your feedback about COPR [1] > > > > [1] > > http://miroslav.suchy.cz/blog/archives/2013/08/29/what_is_copr/index.html > > > > We are the beggining and there are two options of where we can go: > > http://miroslav.suchy.cz/blog/archives/2013/08/29/copr_and_integration_wit > > h_koji/index.html > > > > http://miroslav.suchy.cz/blog/archives/2013/08/30/copr_implemented_using_o > > bs/index.html > > > > > > I would like to ask *you* what is your opinion? > > Hi Miroslav, > > I'd like to see some elaboration on why VMs instead of chroots would be > required. I can draw my own conclusions (security) but I'd like to see > them listed out first before continuing the discussion.
I'm not directly involved in the COPR project but from what I know, it's really about security. The thing is that only a selected group of people can build on koji, as the process of becoming a maintainer includes mechanisms to prevent any random developer to put code into Fedora. The use case for COPR is a bit different. Think of it as a tool for anyone who wants to have a repo with packages that are built on Fedora infrastructure. There will be just a minimal set of requirements to become owner of such repo and therefore to gain access to COPR. VMs that come and go seem more appropriate to prevent potential attacker gaining permanent access to a part of the buildsystem - this way the attacker's potential access will be limited to a temporary VM. HTH Jan -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
