httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <>
Subject Re: automated platform testing
Date Thu, 19 Mar 1998 04:37:03 GMT
On Wed, 18 Mar 1998, Brian Behlendorf wrote:

> <security paranoia=high>
> This in effect gives every apache developer with commit access a shell
> account on all test machines.  
> </security>

Yup.  But the only reason this should scare you is that it is pointed out
explicitly.  There are much more troublesome trust relationships going on
that I'm still fighting about how to solve.  Have ideas, but haven't
implemented anything.

I am not overly concerned about exposing the test machines; the risk
simply has to be made clear. If someone is paranoid, they can do it
chrooted easily enough if they don't mind a gazillion copies of things in
their chrooted environment (probably a bad idea since it could be diffrent
from the "real" environment and cause or hide problems). 

> Otherwise, I really like the idea, so long as it's as automated and
> organized as we can make it.  I don't envy the work Ben must put in to
> distill the essential error messages from the daily build reports!
> Is there a way we could address the security issue?  I guess the shell
> scripts are all we need to really worry about.
> Don't take this paranoia the wrong way; I love y'all like family. :)
> 	Brian
> At 09:38 PM 3/17/98 -0700, Marc Slemko wrote:
> >Put together a script that can be run automatically to build binaries.
> >
> >Mail the output to an email address, that looks to find changes and errors
> >and whines about that and puts the full output on the web.
> >
> >Hopefully, have the person whose box it is normally be able to act as a
> >contact for that platform.
> >
> >This is similar to Ben Hyde's build reports, except that it is designed
> >for easy distribution across a larger number of machines around
> >everywhere.
> >
> >It would be cool to build in automatic binary builds for releases into
> >this, but I do not consider that wise because we can not distribute
> >binaries from any old machine and we should welcome any old machine to
> >participate; one per platform, of course. 
> >
> >This gives an easier way to be sure things at least build before release,
> >and is especially useful when 2.0 work gets going to try to maintain some
> >semblence of portability as it goes without big hassles.  Many build
> >issues can be dealt with easily without having access to the platform.
> >
> >
> >
> --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
> specialization is for insects

View raw message