On Sat, Apr 07, 2018 at 03:45:29PM +0200, db wrote:
> On 7 Apr 2018, at 14:37, Ryan Schmidt <ryandes...@macports.org> wrote:
> > Only after a PR has been approved and merged to master should a
> > binary be uploaded anywhere.
> That's what I meant — but reusing buildbot for testing the PRs.

Remember that Portfiles can execute arbitrary code and root access is
available from Portfiles. We do not want to run arbitrary code in a PR
on the same build machines we use to build packages that we will
distribute to our users. A malicious attacker could modify the machines
in a way that packages built after that will be miscompiled.

This still leaves us with the option of just setting up a second VM next
to the ones we currently use to build packages and use this machine
(without resetting it) to build all PRs, but that would still give PRs
the possibility to sneak in spam bots or cryptocurrency miners which we
also don't want.

For these reasons, we want to reset the machines to a clean state before
every build, which we could do with buildbot, but requires some Python
magic that hasn't been written yet.

