From 0c8c510530d739117d9cfc5cf706e001ae62c0c7 Mon Sep 17 00:00:00 2001 From: Boris Kolpackov Date: Tue, 27 Sep 2016 06:26:22 +0200 Subject: Update idea: bbot security considerations --- bbot/security | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'bbot') diff --git a/bbot/security b/bbot/security index 47b7c85..8b70ff6 100644 --- a/bbot/security +++ b/bbot/security @@ -12,3 +12,11 @@ Will also probably have to limit the VM's execution time. We could try to run VM on a ramdisk to minimize SSD wear. Or use ZFS (COW). + +* We could reboot the VM in "no network" mode; i.e., first fetch all the + packages, reboot, then build. + +* We could fetch all the packages (on host) and only then start the VM. The + problem will be conditional dependencies. Ideally we would want to cache + all of them (including conditional) and then make bpkg in the VM use the + cache. -- cgit v1.1