On Friday 10 April 2009 17:54:41 Ian Clarke wrote: > On Fri, Apr 10, 2009 at 11:38 AM, Matthew Toseland > <[email protected]> wrote: > > We will lose this when moving to git anyway. Building Freenet involves running > > unit tests, and running build.xml. We can protect build.xml but we don't want > > to have to protect the unit tests ... so it's just not sensible > > security-wise, especially if we have an external provider hosting the version > > control system. > > Why can't we sandbox the build process? I see no good reason why we > should lose this.
Because all sandboxes are leaky. For example, you can escape a VM, that was one of the worries with the recent compromise on emu. > > >> - The bugtracker is also useful, I don't know whether it is hosted on emu or > >> somewhere else. > > > > This we will be able to continue. The website uses php, the bugtracker uses > > php, we will need to get a php host somewhere. > > Of course we may want to switch away from Mantis. In which case we will need to migrate our existing bugs. > > Ian.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list [email protected] http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
