[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

RE: fedora-startqa

From: seth vidal <skvidal phy duke edu>
To: Development discussions related to Fedora Core <fedora-devel-list redhat com>
Subject: RE: fedora-startqa
Date: Fri, 02 Apr 2004 12:52:01 -0500

> I think I tackled this on in another email. Synopsis: mach is defined
> as a secure build environment. If it breaks, we need to fix mach. The
> truly paranoid should do QA under a vserver, UML or even better on a
> dedicated machine.
> 

ok, no it's not defined that way.

mach is a program to let you build packages in known-consistent build
roots - it is not secure - someone could have an evil package spec file
that can get out of the chroot and destroy you and your system(and your
little dog, too)

mach+djinni - is much more secure - but not mach by itself.

mach was never intended to be so.

-sv

References:
- RE: fedora-startqa
  - From: Erik LaBianca

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]