author    Boris Kolpackov <boris@codesynthesis.com>  2016-09-24 21:48:26 +0200
committer Boris Kolpackov <boris@codesynthesis.com>  2016-09-24 21:48:26 +0200
commit    371f6b4cf661074d928c93ef9656daa6d557fb2c (patch)
tree      8f84176a758a4bc94e41fdaee5164e2bd751b5f2
parent    b1dc7de695bd9bc9affc49e77bcd726272047d67 (diff)
Add idea: bbot security considerations
-rw-r--r--  bbot/security  14
1 files changed, 14 insertions, 0 deletions
diff --git a/bbot/security b/bbot/security
new file mode 100644
index 0000000..47b7c85
--- /dev/null
+++ b/bbot/security
@@ -0,0 +1,14 @@
+- bbot security considerations [idea]
+
+* Probably the only way to build and more importantly run tests for untrusted
+ packages is in a throw-away virtual machine. I.e., clone the VM, build a
+ package (or a group of packages from the same group/vendor), and then throw
+ it away.
+
+ Immediate questions are how to extract the result and allow downloading of
+ dependent packages (if the network is locked down). We could probably mount
+ the image and copy the result out manually; a bit hairy but secure.
+
+ Will also probably have to limit the VM's execution time.
+
+ We could try to run VM on a ramdisk to minimize SSD wear. Or use ZFS (COW).
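Review bot: the result-extraction step ("mount the image and copy the result out manually") is the weakest part of this plan, not the secure part: once an untrusted package has built and run its tests in the guest, the guest's filesystem is attacker-controlled data, and mounting that image on the host puts the host kernel's filesystem driver in the parsing path. Prefer a channel that does not interpret guest-written metadata on the host, for example having the guest write a tar of the output directory to a virtio-serial port or to a host-exported shared directory, and then treat that archive as untrusted input (size cap, reject absolute paths and symlinks on extraction). The same channel in the other direction answers the "dependent packages (if the network is locked down)" question: stage the dependencies on the host before cloning and present them to the guest read-only, or allow egress only to the package repository through an allowlisting proxy. The execution-time limit should be paired with CPU, memory and disk-space caps on the VM, since a hostile test can exhaust any of those on the build host, not just wall-clock time. Finally, building "a group of packages from the same group/vendor" in one VM means one package's build can tamper with another's test results, so that grouping should be recorded as a trust assumption rather than only as an optimization.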