summaryrefslogtreecommitdiff
path: root/bbot/security
diff options
context:
space:
mode:
authorBoris Kolpackov <boris@codesynthesis.com>2016-09-27 06:26:22 +0200
committerBoris Kolpackov <boris@codesynthesis.com>2016-09-27 06:26:22 +0200
commit0c8c510530d739117d9cfc5cf706e001ae62c0c7 (patch)
tree30f1327e08195a81d06120577fe58acebf266864 /bbot/security
parentcbfe0e5805746f5556e911e5e632ab63a5ae4efc (diff)
Update idea: bbot security considerations
Diffstat (limited to 'bbot/security')
-rw-r--r--bbot/security8
1 files changed, 8 insertions, 0 deletions
diff --git a/bbot/security b/bbot/security
index 47b7c85..8b70ff6 100644
--- a/bbot/security
+++ b/bbot/security
@@ -12,3 +12,11 @@
Will also probably have to limit the VM's execution time.
We could try to run VM on a ramdisk to minimize SSD wear. Or use ZFS (COW).
+
+* We could reboot the VM in "no network" mode; i.e., first fetch all the
+ packages, reboot, then build.
+
+* We could fetch all the packages (on host) and only then start the VM. The
+ problem will be conditional dependencies. Ideally we would want to cache
+ all of them (including conditional) and then make bpkg in the VM use the
+ cache.