Hi Martin,

On 17/09/2010 14:42, "Martin v. Löwis" wrote:
> If you are having the build slave compile Python, I'd like to point
> out that you *already* run arbitrary shell commands provided by
> some external source: if somebody would check some commands into
> Python's configure.in, you would unconditionally execute them.
> So if it's ok that you run the Python build process at all, it should
> (IMO) also be acceptable to run a build slave.
>
> If there are concerns that running it under your Unix account gives it
> too much power, you should create a separate, locked-down account.

Someone messing with the configure script in python svn would probably get noticed very quickly, but I agree this is also a security risk, and the buildbot slave runs with a user with limited privileges.

I will try to convince the IT Team that this is an acceptable risk and set up a chroot or something like that for the buildbot slave. That may take some time.

Also, could you provide me the master.cfg file (with obfuscated passwords) that is used by the Python buildbot master, or tell me if it is in subversion somewhere? I would like to make my script as close as possible to yours, in order to propose a patch for the AIX-specific flags that have to be used for compilation on this platform when everything is stable enough.

Regards

--
Sébastien Sablé
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev