On Oct 7, 2011, at 6:40 AM, Cameron Simpson wrote: > I think that the build and the tests should be different security > scopes/zones/levels: different users or different VMs. Andrew's > suggestion of a VM-for-tests sounds especially good.
To me, "build" and "test" are largely the same function, since a build whose tests haven't been run is just a bag of bits :). But in the sense that root should never be required to do a build, I don't see a reason to bother supporting that configuration: it makes sense to always do the build as a regular user. > And that I think the as-root tests suite shouldn't run unless the > not-root test suite passes. Why's that? The as-root VM needs to be equally secure either way, and it's a useful data point to see that the as-root tests *didn't* break, if they didn't; this way a developer can tell at a glance that the failure is either a test that needs to be marked as 'root only' or a change that causes permissions to be required that it shouldn't have. (In general I object to suggestions of the form "don't run the tests unless X", unless X is a totally necessary pre-requisite like "the compile finished".)
_______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
