> I think I tackled this one in another email. Synopsis: mach is defined
> as a secure build environment. If it breaks, we need to fix mach. The
> truly paranoid should do QA under a vserver, UML or even better on a
> dedicated machine.
>

ok, no it's not defined that way.

mach is a program to let you build packages in known-consistent build roots - it is not secure - someone could have an evil package spec file that can get out of the chroot and destroy you and your system (and your little dog, too)

mach+djinni - is much more secure - but not mach by itself. mach was never intended to be so.

-sv