Hello On Mon, 02 Jul 2007, Barry Wark wrote:
> I have the potential to add OS X Server Intel (64-bit) and OS X Intel > (32-bit) to the list, if I can convince my boss that the security risk Sounds good. We could definitely use these platforms. > (including DOS from compile times) is minimal. I've compiled both Currently we don't allow builds to be forced from the web page, but this might change in future. > numpy and scipy many times, so I'm not worried about resources for a > single compile/test, but can any of the regular developers tell me > about how many commits there are per day that will trigger a > compile/test? We currently only build NumPy. SciPy should probably be added at some point, once we figure out how we want to configure the Buildbot to do this. NumPy averages close to 0 commits per day at this point. SciPy is more active. Between the two, on a busy day, you could expect more than 10 and less than 100 builds. > About the more general security risk of running a buildbot slave, from > my reading of the buildbot manual (not the source, yet), it looks like > the slave is a Twisted server that runs as a normal user process. Is > there any sort of sandboxing built into the buildbot slave or is that > the responsibility of the OS (an issue I'll have to discuss with our > IT)? Through the buildbot master configuration, we tell your buildslave what to check out and which commands to execute. We have set it up to do the build in terms of a Makefile, so the master will tell the slave to run "make build" followed by "make test". Here you can make your own machine do anything that hopefully involves running python setup.py, etc. However, the configuration on the master can be changed to make your slave execute any command. In short, any NumPy/SciPy committer or anyone who controls the build master configuration (i.e., me, Stefan, our admin person, a few other people who have root access on that machine and anybody who successfully breaks into it) can make your build machine execute arbitrary code as the build slave user. The chance of this happening is small, but it's not impossible, so if this risk is unacceptable to you/your IT people, running a build slave might not be for you. ;-) Cheers, Albert _______________________________________________ Numpy-discussion mailing list Numpy-discussion@scipy.org http://projects.scipy.org/mailman/listinfo/numpy-discussion