There are still a few details that need getting right. - I have done a first implementation of a "round-robin" mode. Don't use it, it is deeply flawed. Most specifically, it ties a user to each core. So when a port fails, it becomes hard to restart since the affinity includes BOTH the machine and the user.
The proper implementation would be to have a pool of users, larger than the number of actual builds running, and to "retire" users when they become associated with a failing port. Just requires a bit more code, not yet done. - dpb starts as root, but it should mostly run as an unprivileged user. I'm currently debugging this, already found some mistakes in gid handling, and it also means quite a few extra run_as and user redirects for reading. It's mostly a question of starting dpb, seeing what fails, and restarting it after fixing the issue. (yeah, I will do a full reread afterward). Note that this is mostly paranoia: dpb is NOT setuid or anything, it is just intended to run as root, mostly completely under user control. in any case, the situation is less dangerous than it used to be...
