[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3)
|
From: |
Matthew Dempsky |
|
Subject: |
Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3) |
|
Date: |
06 Jul 2004 18:46:53 -0500 |
|
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 |
John Meinel <address@hidden> writes:
> Peter Conrad wrote:
>
> | On Mon, Jul 05, 2004 at 09:33:32PM -0400, James Blackwell wrote:
> |
> |>6. attempt to compile the now modified dev. head and record results
> |>7. perform make test and record results
> |
> | steps 6 and 7, when run automated and unattended, will allow the execution
> | of arbitrary code on the "merge tracker" machine. IMO patches *must* be
> | reviewed by a human before they're compiled.
>
> Well, if you validate your submissions first, meaning you only allow
> people with a proper gpg signature or that sort of thing, then it
> shouldn't be as much of a problem.
>
> It also might be possible to run "make test" in a chroot environment. Is
> there any reason why everything after "apply the changeset" couldn't be
> walled off from the rest of the world?
I'd expect that patches would only be automatically merged from
trusted sources (like the patch lieutenants) so the code should
already be trustworthy.
That said, if there's an easy way to run the build process in a chroot
environment, it couldn't hurt (I don't know what difficulties might be
involved in making sure you can compile stuff successfully while
chroot'd).
-jivera
Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), Tom Lord, 2004/07/06