-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Edwards wrote: >> - the issues of accessing private branches from the buildslaves >> scares me a bit, I hope we can avoid worrying about that until some >> time in 2010. > > Yeah, I had only considered the firewall rules from the slaves. > Presumably we'll need a buildd-slave SSH key that can access everything?
For trusted machines, we can grant them access to the internal http hosting that provides access to everything. This is used by loggerhead, for example. The problem is that the build slaves are not trusted machines-- they run arbitrary code. Perhaps we can upload the branches to the slaves instead of allowing the slaves to download them? That would reduce the scope for mischief to disclosing the contents of the private branches related to the recipe. > Hopefully yes. One thing that we need to make sure of is that *all* > build jobs must have a determinate build time. By this, you mean an ETA, or time-to-build? Aaron -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAksEKwAACgkQ0F+nu1YWqI2VtwCghRhDEqJnQR6Isa1fW6phr7Ch CkAAniRxP0GnTvZJH/VhwzSOkAIzeKa0 =dsaM -----END PGP SIGNATURE----- _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
