www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jan i <j...@apache.org>
Subject Re: Discussion on enabling users to specify own machines as dynamic hosts
Date Wed, 16 Apr 2014 20:08:38 GMT
On 16 April 2014 22:00, Alex Harui <aharui@adobe.com> wrote:

>
>
> On 4/16/14 12:43 PM, "OmPrakash Muppirala" <bigosmallm@gmail.com> wrote:
> >Except for one thing.  If a project wants to support nightly builds (quite
> >a few Apache projects seem to provide nightly builds), they better come
> >from an Apache controlled build server instead of a random developer's
> >machine/VM.
>
> Is that for some technical or financial reason or for perception?  Apache
> was hit by Heartbleed like lots of other places. I would worry more about
> the "safety" of nightly builds from a multi-project CI server than a
> single-project CI server.  What if some other project needs IE6 or some
> other vulnerable software to run a regression suite?
>

And from a PMC perspective I would worry about a build in a non-controlled
enviroment.

There is a big difference between developer builds which can happen
everywhere (I also build on my own machine), and builds that are sent to
tester or maybe even voted on.

the safety of the infra environment, is more that  we (infra) secure what
is installed and runs on these vms.

Dont misunderstand me, I am a fan of a central build-master, a set of fixed
build boxes, and give committers possibility to allow build (for their
project) to run on their machine. But we need to very carefull when talking
about a build that goes further than to the developer.

rgds
jan I.

>
> -Alex
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message