Return-Path: 
 <infrastructure-dev-return-2536-apmail-infrastructure-dev-archive=apache.org@apache.org>
X-Original-To: apmail-infrastructure-dev-archive@minotaur.apache.org
Delivered-To: apmail-infrastructure-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id D81D310BE4
	for <apmail-infrastructure-dev-archive@minotaur.apache.org>;
 Wed, 16 Apr 2014 23:44:31 +0000 (UTC)
Received: (qmail 76496 invoked by uid 500); 16 Apr 2014 23:44:25 -0000
Delivered-To: apmail-infrastructure-dev-archive@apache.org
Received: (qmail 76370 invoked by uid 500); 16 Apr 2014 23:44:25 -0000
Mailing-List: contact infrastructure-dev-help@apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:infrastructure-dev-help@apache.org>
List-Unsubscribe: <mailto:infrastructure-dev-unsubscribe@apache.org>
List-Post: <mailto:infrastructure-dev@apache.org>
List-Id: <infrastructure-dev.apache.org>
Reply-To: infrastructure-dev@apache.org
Delivered-To: mailing list infrastructure-dev@apache.org
Received: (qmail 76362 invoked by uid 99); 16 Apr 2014 23:44:24 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Apr 2014 23:44:24 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=10
	tests=RCVD_IN_DNSWL_LOW,SPF_HELO_PASS
X-Spam-Check-By: apache.org
Received-SPF: unknown (athena.apache.org: error in processing during lookup of
 aharui@adobe.com)
Received: from [207.46.163.242] (HELO
 na01-by2-obe.outbound.protection.outlook.com) (207.46.163.242)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Apr 2014 23:44:18 +0000
Received: from BL2PR02MB500.namprd02.prod.outlook.com (10.141.95.147) by
 BL2PR02MB499.namprd02.prod.outlook.com (10.141.95.143) with Microsoft SMTP
 Server (TLS) id 15.0.918.8; Wed, 16 Apr 2014 23:43:57 +0000
Received: from BL2PR02MB500.namprd02.prod.outlook.com ([10.141.95.147]) by
 BL2PR02MB500.namprd02.prod.outlook.com ([10.141.95.147]) with mapi id
 15.00.0918.000; Wed, 16 Apr 2014 23:43:57 +0000
From: Alex Harui <aharui@adobe.com>
To: "infrastructure-dev@apache.org" <infrastructure-dev@apache.org>
Subject: Re: Discussion on enabling users to specify own machines as dynamic
 hosts
Thread-Topic: Discussion on enabling users to specify own machines as
 dynamic hosts
Thread-Index: 
 AQHPWaXAR4sF/aeED0ynZqfwXuxD5ZsUmi0A//+SoACAAHhNAP//j0YAgAB3owD//5TaAAAPGryAAAHfXwD//6ofAA==
Date: Wed, 16 Apr 2014 23:43:56 +0000
Message-ID: <CF744AA1.1FA53%aharui@adobe.com>
References: 
 <CAGaRif1i-LhduVZhDXpgr1WPUyp7rMt0EMnFCzg6fcm-EryWkQ@mail.gmail.com>
 <CACK5iZcCQ5Bar2tiVVQAQpcJC_XM0OxH=65ugBR9k1XSe+-FfA@mail.gmail.com>
 <CF742729.1F96C%aharui@adobe.com>
 <CACK5iZfMQTr7G0Ai7Y1bMUkQJeJseFWEa3VZyOT9s0Fj14J3cg@mail.gmail.com>
 <CF742D98.1F98B%aharui@adobe.com>
 <CAK2iWdRNFKoqaTKavqEHu67-xJQ5EKu4hC0r=+EB2gsfGc1X=g@mail.gmail.com>
 <CF74391A.1F9FB%aharui@adobe.com>
 <CAK2iWdRf8SwQFZb7hAofqWnowXQcK9nrTSRGO-O2UA7cbewBBQ@mail.gmail.com>
 <CACK5iZeY_NswTGHDpNM-jFskBxFRjwACFcfCcvnbR2xm4sW7VA@mail.gmail.com>
In-Reply-To: 
 <CACK5iZeY_NswTGHDpNM-jFskBxFRjwACFcfCcvnbR2xm4sW7VA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/14.3.9.131030
x-originating-ip: [63.229.18.107]
x-forefront-prvs: 01834E39B7
x-forefront-antispam-report: 
 SFV:NSPM;SFS:(10019001)(6009001)(428001)(189002)(199002)(479174003)(377454003)(51704005)(24454002)(77982001)(92726001)(31966008)(4396001)(79102001)(36756003)(85852003)(20776003)(86362001)(2656002)(92566001)(99396002)(87936001)(83072002)(81542001)(76482001)(74662001)(46102001)(83506001)(80976001)(74502001)(54356999)(81342001)(66066001)(76176999)(80022001)(77096999)(99286001)(50986999)(83322001)(19580405001)(19580395003);DIR:OUT;SFP:1102;SCL:1;SRVR:BL2PR02MB499;H:BL2PR02MB500.namprd02.prod.outlook.com;FPR:E4B4F0EA.94F75EC9.F5E598AC.C6E96971.2022E;MLV:sfv;PTR:InfoNoRecords;MX:1;A:1;LANG:en;
received-spf: None (: adobe.com does not designate permitted sender hosts)
Content-Type: text/plain; charset="us-ascii"
Content-ID: <9C84BBAD77EFCE44B819A37559C9674B@namprd02.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: adobe.com
X-Virus-Checked: Checked by ClamAV on apache.org



On 4/16/14 2:51 PM, "OmPrakash Muppirala" <bigosmallm@gmail.com> wrote:
>>> >There is a big difference between developer builds which can happen
>> > >everywhere (I also build on my own machine), and builds that are
>>sent to
>> > >tester or maybe even voted on.
>> > Are we allowed to vote on bits built by a CI server?
>> >
>>
>> I have raised this question a couple of times, and the answers have been
>> consistent:
>>
>> As a PMC you need to get the source and build it, in order to validate
>>it,
>> but builds from trusted buildbots can be used for validation. And just
>>at
>> apacheCon denver one discussion concluded that build machines where we
>> (asf) do not know whats installed cannot be seen as secure.
>>
>>
>Also, official releases need to be signed by a committer (Release Manager)
>There is a chance that the artifact could get corrupted (maliciously or
>because of a network error) during the download to the committers machine.
>It seems unwise for a committer to sign an artifact that they din't build
>themselves.
That's true, but I think I've seen others argue that if the buildbot has a
checksum on the bits you know it didn't get corrupted coming to your
machine.

-Alex