Re: Question about automated builder

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Fri, Jan 28, 2011 at 9:08 AM, C Anthony Risinger <anthony@xxxxxxxx>wrote:

> On Fri, Jan 28, 2011 at 9:51 AM, Thomas S Hatch <thatch45@xxxxxxxxx>
> wrote:
> >
> > Jakob, YES! You are spot on here, one of the main motivations behind a
> > system like this is security. While I don't think that this is a problem
> > with our developers, I do think that it is a potential future problem,
> Arch
> > is continuing to grow and at an exponential pace. Security of Arch
> packages
> > is going to be an increasing issue. I don't want to open up the subject
> of
> > package signing here, but as a side note, a build system could greatly
> aid
> > aspects of security ranging from quality control to package signing and
> > software verification.
>
> iiiiiiii don't know about "exponential" ;-)
>
> while not perfect by any means, tracking the file list (and possibly
> sizes too) might be useful as a loose check for validity; if a package
> suddenly has new files or is vastly different from previous builds
> there might be an issue (not necessarily malicious either).
>
> i am kind of working on this same thing actually, but for my own
> personal mirror; i have many packages that i need auto built for
> several of my netbooks/laptops and VMs.  it would be nice if the tool
> was flexible enough to be used in this manner (personal/closed loop).
> right now i'm about to try some bauerbill + makepkg hackzors... if
> anyone has done this already i would love to hear about it in a new
> thread, because it will save me time :-)
>
> C Anthony
>

To be perfectly honest, a great deal of my motivation stems from the fact
that I could really use an automated Arch package build server for my
infrastructure at work, I have so many servers running Arch that manually
maintaining our private repo is a bit of a pain :)

But with that said I feel very strongly that my wants as a commercial user
of Arch are not on par with the needs of the Arch community in the manner,
in fact I would say that my wants from a commercial perspective should be
thrown out, I don't want my commercial use of Arch to taint the community,
it is one of my greatest fears as an Arch TU and contributor.


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux