Ignacio Vazquez-Abrams wrote: > On Sat, 2008-11-01 at 10:37 -0700, Toshio Kuratomi wrote: >> Also, do we trust mock with unaudited spec files? I know that we do >> trust it with unaudited tarballs but I don't know if this is a reason to >> open things up further. > > Doesn't the chroot mitigate most of the issues there might be in the > source package? It's supposed to but we have had issues in the past where the build process modified the host environment. I don't know if we traced that down to something escaping the chroot or if it was something that mock did before entering the chroot. In either case, if we go for a web app-only we need to decide whether we're comfortable building unaudited spec files from someone who may not have a Fedora Account yet (Note: You presently only need to have a bugzilla account when you submit your first package. This could be changed to cla_done for use of the review-o-matic web app) via a web app hosted in Fedora Infrastructure. If it was a script run on a reviewer's machine this would be something each reviewer could decide for themselves, possibly after prereviewing a certain portion of the package. > A VM can probably mitigate the rest. > As in creating and tearing down a xen guest every time a build is requested? That might help. review-o-matic would need the ability to do that, though, and Infrastructure needs to decide that they want to host a web app that has the ability to kick off creation and destruction of VMs. -Toshio
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
