| author | Boris Kolpackov <boris@codesynthesis.com> | 2016-09-24 21:48:26 +0200 |
|---|---|---|
| committer | Boris Kolpackov <boris@codesynthesis.com> | 2016-09-24 21:48:26 +0200 |
| commit | 371f6b4cf661074d928c93ef9656daa6d557fb2c (patch) | |
| tree | 8f84176a758a4bc94e41fdaee5164e2bd751b5f2 | |
| parent | b1dc7de695bd9bc9affc49e77bcd726272047d67 (diff) | |
Add idea: bbot security considerations
-rw-r--r-- | bbot/security | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/bbot/security b/bbot/security new file mode 100644 index 0000000..47b7c85 --- /dev/null +++ b/bbot/security @@ -0,0 +1,14 @@ +- bbot security considerations [idea] + +* Probably the only way to build and more importantly run tests for untrusted + packages is in a throw-away virtual machine. I.e., clone the VM, build a + package (or a group of packages from the same group/vendor), and then throw + it away. + + Immediate questions are how to extract the result and allow downloading of + dependent packages (if the network is locked down). We could probably mount + the image and copy the result out manually; a bit hairy but secure. + + Will also probably have to limit the VM's execution time. + + We could try to run VM on a ramdisk to minimize SSD wear. Or use ZFS (COW). |
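Review bot: The "mount the image and copy the result out manually; a bit hairy but secure" step undersells its own risk: after an untrusted build has run, the disk image is attacker-controlled data, and mounting it means the host kernel's filesystem driver parses it, so that extraction step is itself an attack surface on the build host rather than a neutral, secure operation. Suggest amending the note to say the image should be opened only inside another throw-away VM (or results pulled over a restricted guest-agent channel), and to list the exposure explicitly. Also, the resource limits mentioned cover only "the VM's execution time"; a hostile or merely broken build can also exhaust guest disk and memory, so a line on capping those (and on what happens to the clone when the limit fires) would round out the idea.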