On Friday 03 April 2009 15:50:28 Ian Clarke wrote: > On Thu, Apr 2, 2009 at 5:49 PM, Florent Daignière < > nextg...@freenetproject.org> wrote: > > > Okay, so it's technically possible (anyway, pulling on a regular basis > > was also an option)... but do we want to fetch code from a remote host > > we don't control and auto-run it on emu? The building process involves > > running the build-scripts. > > Well, we don't control emu either, its sitting in Bytemark's datacenter. > I'd say that github are at least as trustworthy as Bytemark.
You miss the point. The auto-build runs on emu, so having compromised emu you can .... compromise emu! No net gain for any attacker. > I assume > scripts will be run in a walled-off user account, and we can take measures > to sandbox it - but it isn't like we are running the scripts after > downloading them from wikipedia. It is a legitimate concern, if it is misconfigured by either us or them. The right solution is for a trusted dev to code review, create a tag and sign it, and then release binaries from that tag. They can be built on his local machine, eliminating another reason for a central server hosted by us. > > Ian.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list Devl@freenetproject.org http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
