On Sunday, March 22, 2020 12:56 AM, Michael Catanzaro <mcatanz...@gnome.org> wrote:
> On Sat, Mar 21, 2020 at 1:21 pm, Christian Hergert > christ...@hergert.me wrote: > > > Those words sound incompatible to me in the same way that if you have > > access to Linux's perf, you can sniff pretty much any data you want on > > the system. > > We're talking about CI runners... we only need privileged access inside > the container running our CI, not outside it. Yes? It doesn't take much effort to get access outside a privilledged contianer sadly. But maybe we can have a shared 'privilledged' runner that's setup in a VM and gets wiped daily or such for the jobs outside the GNOME group that need it, such as forked repos. Jordan
publickey - jordan@alatiera.com - 0x0BDAD30B.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ desktop-devel-list mailing list desktop-devel-list@gnome.org https://mail.gnome.org/mailman/listinfo/desktop-devel-list