www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Harui <aha...@adobe.com>
Subject Re: Discussion on enabling users to specify own machines as dynamic hosts
Date Thu, 17 Apr 2014 06:48:20 GMT

On 4/16/14 11:39 PM, "J├╝rgen Schmidt" <jogischmidt@gmail.com> wrote:

>On 4/16/14 10:57 PM, jan i wrote:
>> On 16 April 2014 22:45, Alex Harui <aharui@adobe.com> wrote:
>>> On 4/16/14 1:08 PM, "jan i" <jani@apache.org> wrote:
>>>> And from a PMC perspective I would worry about a build in a
>>>> enviroment.
>>> Is an Azure VM considered "non-controlled"?  I get that my personal
>>> computer which I use for browsing the internet and reading email is
>>> to attack, but if an Azure VM is only running CI, isn't that safe
>>> for nightly builds which are not an official release?
>>>> There is a big difference between developer builds which can happen
>>>> everywhere (I also build on my own machine), and builds that are sent
>>>> tester or maybe even voted on.
>>> Are we allowed to vote on bits built by a CI server?
>> I have raised this question a couple of times, and the answers have been
>> consistent:
>> As a PMC you need to get the source and build it, in order to validate
>> but builds from trusted buildbots can be used for validation. And just
>> apacheCon denver one discussion concluded that build machines where we
>> (asf) do not know whats installed cannot be seen as secure.
>and we have nowadays enduser products like OpenOffice and where
>convenience binary builds are more important for the millions of users
>than the src release.
>We need a reliable build bot systems where we can build the binary
>releases in a controlled environment. Especially for Linux where we need
>a defined baseline to support as many as possible Linux distros.
>We still have no Mac build bot and the Linux bots don"t fulfill our
>baseline. There exists one centos bot (I believe 32 bit) as far as I
>know but it is not yet fully integrated and we would need a 64 bit bot
>as well.
>I hope with some more volunteers from the project we can bring this
>forward in the near future. It is quite important for the success of the
IMO, you should do that outside of Apache.  Subversion, for example, has
other entities that ship binaries.


View raw message