Dne 16.9.2016 v 17:00 Pavel Raiskup napsal(a):
> Hi all,
> this is probably proper place for such discussions -- I am curious what is the
> plan with Docker stuff within Copr project.
> Do you plan to make Fedora's copr hardly dependant on Docker images?

You mean the commit 25c7d91bfdc895bb0d63f3b06fa1399b507fff14 ?

Previous week we worked on Mock security issue. This is fixed now. However it 
raised the question: is it smart to run
mock-scm, pyp2rpm, gem2spec... directly on copr-dist-git machine? It is run 
under non-privileged user, but still...
I can think about some attack vectors. For obvious reasons I will not disclose 
them publicly.

So we wanted to build SRPM in environment, which will be discarded after SRPM 
build and hard to escape.
There are several ways how to implement it. But we chosen builds in Docker 
container. It will be used just for SRPM
build. Nothing more. Is it problem for you?

Miroslav Suchy, RHCA
Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys
copr-devel mailing list -- copr-devel@lists.fedorahosted.org
To unsubscribe send an email to copr-devel-le...@lists.fedorahosted.org

Reply via email to