After seeing this latest run of failures, does anybody still want to rely on build.a.o for anything?
If anything, we should ask builds@ to email their list when they do critical security upgrades so we can try to keep up on our build machine. I think there's a chance that a multi-project server is likely to have a huge pile of jars from all over the place which is more exposed than the few jars for our flex-only server. We just have to learn how to harden it at least as well as builds.a.o. Shouldn't that be possible? And I have to admit that I'm tempted to point the next version of the installer out to our Flex CI server for its config or mirror the whole site. We can't even modify our site right now. -Alex On 4/17/14 3:58 PM, "Justin Mclean" <jus...@classsoftware.com> wrote: >HI, > >> Do we want to at least use the ASF build server for providing official >> nightly dev builds? >+1 We can resonably trust infra machines to be secure and that non one >has fiddled with the nightly builds. Our own set up machines are likely >to be less secure and there's a small risk that something bad could >happen. > >Thanks, >Justin
