www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Harui <aha...@adobe.com>
Subject Re: Discussion on enabling users to specify own machines as dynamic hosts
Date Thu, 17 Apr 2014 06:48:20 GMT


On 4/16/14 11:39 PM, "J├╝rgen Schmidt" <jogischmidt@gmail.com> wrote:

>On 4/16/14 10:57 PM, jan i wrote:
>> On 16 April 2014 22:45, Alex Harui <aharui@adobe.com> wrote:
>> 
>>>
>>>
>>> On 4/16/14 1:08 PM, "jan i" <jani@apache.org> wrote:
>>>>
>>>> And from a PMC perspective I would worry about a build in a
>>>>non-controlled
>>>> enviroment.
>>> Is an Azure VM considered "non-controlled"?  I get that my personal
>>> computer which I use for browsing the internet and reading email is
>>>prone
>>> to attack, but if an Azure VM is only running CI, isn't that safe
>>>enough
>>> for nightly builds which are not an official release?
>>>
>>>>
>>>> There is a big difference between developer builds which can happen
>>>> everywhere (I also build on my own machine), and builds that are sent
>>>>to
>>>> tester or maybe even voted on.
>>> Are we allowed to vote on bits built by a CI server?
>>>
>> 
>> I have raised this question a couple of times, and the answers have been
>> consistent:
>> 
>> As a PMC you need to get the source and build it, in order to validate
>>it,
>> but builds from trusted buildbots can be used for validation. And just
>>at
>> apacheCon denver one discussion concluded that build machines where we
>> (asf) do not know whats installed cannot be seen as secure.
>
>and we have nowadays enduser products like OpenOffice and where
>convenience binary builds are more important for the millions of users
>than the src release.
>
>We need a reliable build bot systems where we can build the binary
>releases in a controlled environment. Especially for Linux where we need
>a defined baseline to support as many as possible Linux distros.
>
>We still have no Mac build bot and the Linux bots don"t fulfill our
>baseline. There exists one centos bot (I believe 32 bit) as far as I
>know but it is not yet fully integrated and we would need a 64 bit bot
>as well.
>
>I hope with some more volunteers from the project we can bring this
>forward in the near future. It is quite important for the success of the
>project.
>
>Juergen
IMO, you should do that outside of Apache.  Subversion, for example, has
other entities that ship binaries.

-Alex


Mime
View raw message