Sorry for the delay.

On Monday, September 19, 2016 3:59:57 PM CEST Miroslav Suchý wrote:
> Dne 16.9.2016 v 17:00 Pavel Raiskup napsal(a):
> > Hi all,
> > 
> > this is probably proper place for such discussions -- I am curious what is 
> > the
> > plan with Docker stuff within Copr project.
> > 
> > Do you plan to make Fedora's copr hardly dependant on Docker images?
> You mean the commit 25c7d91bfdc895bb0d63f3b06fa1399b507fff14 ?

It is related, but the question is rather general.  I would like to know
whether we plan to "dockerize" more stuff, etc.

> Previous week we worked on Mock security issue. This is fixed now. However it
> raised the question: is it smart to run mock-scm, pyp2rpm, gem2spec...
> directly on copr-dist-git machine?

Yup, copr-dist-git machine should share code, shouldn't generate anything
at all, similarly to Fedora's dist-git (if I understand the koji process

> It is run under non-privileged user, but still...  I can think about some
> attack vectors. For obvious reasons I will not disclose them publicly.
> So we wanted to build SRPM in environment, which will be discarded after SRPM
> build and hard to escape.  There are several ways how to implement it. But we
> chosen builds in Docker container. It will be used just for SRPM build.
> Nothing more. Is it problem for you?

This is rather unrelated to my original question, but I dislike that, as
IMO srpms should be build elsewhere, not on dist-git machine.  The other
question is how good isolation the docker actually is, I'll ping you

copr-devel mailing list --
To unsubscribe send an email to

Reply via email to