On 15 Mar 2018, at 05:13, Ryan Schmidt <[email protected]> wrote: > Because PRs come from untrusted sources, we have to assume their contents are > tainted. So after any PR is finished building, the VM is tainted and we have > to throw it away and make a new one from our template for the next PR build.
> On Mar 14, 2018, at 07:25, db wrote: >> Otherwise, you could make the machines sync to the packages public server >> for the distributable, and to a private server for the non-distributable >> binaries. > I can't find an interpretation of that sentence that helps to solve the > prepopulation problem. I didn't know how you handled the templating. Couldn't you just prepopulate the cloned VM, take a snapshot, build the PR, restore the snapshot, eventually, delete the snapshot, update outdated, then retake it?
