On Monday 20 March 2006 22:25, Grant <[EMAIL PROTECTED]> wrote about '[gentoo-user] Hosted server as distcc machine': > Is there anything wrong with > making a remote machine [a] distcc system?
Not really, but you do need to realize that distcc doesn't guarantee that jobs will be sent to the remote machines and will not prevent jobs from being run locally. If there are not enough distcc hosts to support the number of jobs being run, or the network is down to 1 or more, or other such issues, you might end up having too many compiles being run locally. This applies even if you put something like localhost/2 in your distcc hosts -- when distcc runs out of hosts it unconditionally uses local compilation. Also, distccd is a wide-open security hole: there's little to no restriction on what a client can run on the host, and AFAIK only ip/host-based restrictions on who can connect. A few, well-placed IP packets with spoofed sources could theoretically result in a rooted box (depending on other security features like firewalls, syn cookies, restricted shells, chroot jails, and presence of local privilege escalation exploits). It's probably better to use distcc over ssh, using an ssh-agent and PKI authentication. That does involve giving shell access to an account, but you probably already have an account that will work. :) Unfortunately, this removes the host's ability to limit simultaneous distcc jobs AFAIK. It also makes it quite a bit harder to distcc from cron, but most of the time that shouldn't be an issue. -- "If there's one thing we've established over the years, it's that the vast majority of our users don't have the slightest clue what's best for them in terms of package stability." -- Gentoo Developer Ciaran McCreesh -- gentoo-user@gentoo.org mailing list
