[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Please review

From: bill-auger
Subject: Re: Please review
Date: Sun, 27 Jun 2021 21:10:22 -0400

On Sun, 27 Jun 2021 20:30:53 -0400 Richard wrote:
>   > thats a good point, providing that the build script has full
>   > sudo access - some of them do not  
> Er, what point is this about?

some forges have CI service integration (triggering auto-builds
on a remote server) - some may allow the user may configure the
hook to contact a custom server, operated by that user - the
forge service may also host the build server as well - some
forges may offer both options

so the questions is: "who controls that server?"

those managed CI services typically parse a config file, which is
committed to the repo - the config file specifies the build
environment and recipe (often with restrictions) - some of those
CI VMs, will allow those config script to act as root - in that
case (presumably), the user has total control over the OS in the
VM, so perhaps those is not the classis case of SaaSS - that
scenario would be more like renting a remote server, and
running your own CI service (eg: jenkins)

in other cases (as i explained a few months ago, WRT rented
VMs), the user may not be able to modify the provided OS; but
only have permission to a non-privileged or chroot directory on a
shared system, or docker container

On Sun, 27 Jun 2021 20:32:29 -0400 Richard wrote:
> The other case where CI is not SaasSS is when the CI service is
> provided by a project you are working on.  That is often the case
> for GNU.
as explained above, that may or may not be the case - it would
depend on whether the forge may be configured to bring-your-own
build server, or if one may only use the build server provided by
the forge host

this next point is perhaps not so important, but this "CI"
feature is actually a trivial feature - most forges have a web
hooks feature, which send a simple request to any standard HTTP
server, indicating that the code-base has changed - that HTTP
server could handle the message in any arbitrary way (posting a
notice to IRC, triggering a build, etc); so this is not really a
concern for those who operate their own build server

it may be important for this list, in the case that the build
server is operated by the forge, or by a third-party; because
most often, the only provided OS is ubuntu - so, even if the user
has full root access, the one thing the user could not do is
install a libre OS on it

reply via email to

[Prev in Thread] Current Thread [Next in Thread]