Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Automated report: NetBSD-current/i386 build failure



On Sat, Nov 12, 2011 at 04:17:22PM +0200, Andreas Gustafsson wrote:
> 
> If that server were babylon5.netbsd.org (where the builds are done),
> and your mechanism could take a file lock for the duration of the
> replacement, then it would help.  But I'm not sure why being
> "project-run" should matter; even if a machine is project-run,
> it is not necessarily trusted.

We will not put the security of the CVS server at any more risk than
is necessary.  As a matter of policy, that means no automated processes
that run potentially vulnerable network clients talking to servers
which we do not control.

That's not going to change.  On the other hand, since the builds are
done on a TNF machine, there should be no problem.

In practice, since we do partial repository push, it is not necessary
to lock the repository before pushing -- and, in our experience, in
fact, locking the repository before pushing causes a lot more problems
than it solves.  I am going to assume that pushing the repository to
the build server in question will be sufficient and stop discussing
this publically -- I urge you to please take up issues about TNF
server administration via the admin ticket queue and, please, not
by public complaint here.

-- 
Thor Lancelot Simon                                    tls%panix.com@localhost
  "All of my opinions are consistent, but I cannot present them all
   at once."    -Jean-Jacques Rousseau, On The Social Contract


Home | Main Index | Thread Index | Old Index