- bbot security considerations [idea]

* Probably the only way to build and more importantly run tests for untrusted
  packages is in a throw-away virtual machine. I.e., clone the VM, build a
  package (or a group of packages from the same group/vendor), and then throw
  it away.

  Immediate questions are how to extract the result and allow downloading of
  dependent packages (if the network is locked down). We could probably mount
  the image and copy the result out manually; a bit hairy but secure.

  Will also probably have to limit the VM's execution time.

  We could try to run VM on a ramdisk to minimize SSD wear. Or use ZFS (COW).