[Mageia-dev] Will this work for a build system?

vfmBOFH vfmbofh at gmail.com
Mon Sep 27 03:19:16 CEST 2010


2010/9/26 Giuseppe Ghibò <ghibomgx at gmail.com>

>
>
> 2010/9/26 nicolas vigier <boklm at mars-attacks.org>
>
> On Sun, 26 Sep 2010, joris dedieu wrote:
>>
>> > 2010/9/26 Olivier Blin <mageia at blino.org>:
>> > >
>> > > Because there are some authentication and integrity issues which are
>> not
>> > > simple to solve: we have to be sure that the binary packages really
>> come
>> > > from the unmodified SRPM (so that it does not contains malware).
>> >
>> > This can be avoid by
>> > - building every package twice (also useful for integrity check)
>>
>> Then you can still do it with two hosts adding malware instead of one.
>>
>
> What this means? Two RPMs built at different time will result different,
> even the executable binaries when built on the same hardware at different
> time might be different (because of timestamps, etc.).
>
> IMHO the idea of the cloud is not that bad but need to be rethinked.
>

What about virtualization?

Maybe we could set-up some kind of cluster of remote and dedicated vm's as a
unique build system. Could be a good workaround over security and integrity
issues, 'cause we are using a "single" build system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/mageia-dev/attachments/20100927/04b37deb/attachment.html>


More information about the Mageia-dev mailing list