Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3)

[James Blackwell]

>| On Mon, Jul 05, 2004 at 09:33:32PM -0400, James Blackwell wrote:
>|
>|>1. if necessary, register the submitted archive
>|>2. get the stated changeset
>|>2. generate a diff report from the changeset
>|>3. record the patchlogs
>|>4. get the development head (ex. address@hidden/tla--devo)
>|>5. apply the changeset against the development head
>|>6. attempt to compile the now modified dev. head and record results
>|>7. perform make test and record results


Peter Conrad wrote:
>| steps 6 and 7, when run automated and unattended, will allow the execution
>| of arbitrary code on the "merge tracker" machine. IMO patches *must* be
>| reviewed by a human before they're compiled.
>|
>| Bye,
>|      Peter
>


John Meinel wrote:
> Well, if you validate your submissions first, meaning you only allow
> people with a proper gpg signature or that sort of thing, then it
> shouldn't be as much of a problem.
>
> It also might be possible to run "make test" in a chroot environment. Is
> there any reason why everything after "apply the changeset" couldn't be
> walled off from the rest of the world?

If we take Peter's original statement for grounded, then make test is as
susceptable as anything else.

-- 
James Blackwell          Try something fun: For the next 24 hours, give
Smile more!              each person you meet a compliment!

GnuPG (ID 06357400) AAE4 8C76 58DA 5902 761D  247A 8A55 DA73 0635 7400