On Wed, 07 Dec 2011 15:02:42 -0500
Przemek Klosowski <przemek.klosowski@xxxxxxxx> wrote:

> On 12/07/2011 01:25 PM, seth vidal wrote:
>
> > If I were going to use random vm's I'd want to:
> > 1. connect using ssh
> > 2. push over my own rpm/python/etc binaries
> > 3. checksum all the rest of the installed (and running) software
> > 4. verify those checksums versus my known good set
> > 5. THEN push over the pkgs to be built
>
> I'd say we need to be paranoid on this one and consider a tainted
> kernel where your own binaries would report A-OK on a rigged gcc
> because kernel has a special case for it. Test builds and QA might be
> OK, but nothing that results in shipped bits.

So I have two thoughts on this:

1. scratch or personal chainbuilds could be built in ec2 or rax or
   anywhere w/o an issue

2. for our shipping pkgs building them in the existing koji
   buildsystems and/or in a dedicated private cloud instance makes sense
   - if only for resource allocation and control.

-sv

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel