On Friday 03 April 2009 15:50:28 Ian Clarke wrote: > On Thu, Apr 2, 2009 at 5:49 PM, Florent Daigni?re < > nextgens at freenetproject.org> wrote: > > > Okay, so it's technically possible (anyway, pulling on a regular basis > > was also an option)... but do we want to fetch code from a remote host > > we don't control and auto-run it on emu? The building process involves > > running the build-scripts. > > Well, we don't control emu either, its sitting in Bytemark's datacenter. > I'd say that github are at least as trustworthy as Bytemark.
You miss the point. The auto-build runs on emu, so having compromised emu you can .... compromise emu! No net gain for any attacker. > I assume > scripts will be run in a walled-off user account, and we can take measures > to sandbox it - but it isn't like we are running the scripts after > downloading them from wikipedia. It is a legitimate concern, if it is misconfigured by either us or them. The right solution is for a trusted dev to code review, create a tag and sign it, and then release binaries from that tag. They can be built on his local machine, eliminating another reason for a central server hosted by us. > > Ian. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 835 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090404/ee7c8dce/attachment.pgp>
