[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: fedora-startqa



> I think I tackled this on in another email. Synopsis: mach is defined
> as a secure build environment. If it breaks, we need to fix mach. The
> truly paranoid should do QA under a vserver, UML or even better on a
> dedicated machine.
> 

ok, no it's not defined that way.

mach is a program to let you build packages in known-consistent build
roots - it is not secure - someone could have an evil package spec file
that can get out of the chroot and destroy you and your system(and your
little dog, too)

mach+djinni - is much more secure - but not mach by itself.

mach was never intended to be so.

-sv




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]