[prev in list] [next in list] [prev in thread] [next in thread]
List: postgresql-general
Subject: Re: [HACKERS] Buildfarm "master-next" branch?
From: Magnus Hagander <magnus () hagander ! net>
Date: 2014-04-29 19:51:20
Message-ID: CABUevEyGjS-KmvPpXqKpn-q7Hjzhda3BzooyRZWsuFpROyVnuQ () mail ! gmail ! com
[Download RAW message or body]
On Tue, Apr 29, 2014 at 9:11 PM, Jim Nasby <jim@nasby.net> wrote:
> On 4/17/14, 9:38 AM, Tom Lane wrote:
>
>> But the ability to easily spin up temporary branches for testing would
>>>> >>also be great. Unfortunately, I suspect that only a minority of the
>>>> >>buildfarm owners would choose to participate, which would make it less
>>>> >>useful, but if we could solve that problem I'd be all in favor of it.
>>>>
>>> >... Of course, all this would be done in my copious spare time*cough*.
>>> I'm
>>>
>>> >not sure this would be the best use of it.
>>>
>> I agree that this would not be worth the effort needed to make it happen.
>>
>
> There's also a sizeable security risk there, of someone putting something
> malicious in a branch and then triggering a run from that branch. I suppose
> that could be overcome if this was purposefully limited to the main git
> repo that only our core committers had access to, but we'd need to be
> careful.
I would suggest a separate repo to keep the main one "clean", but other
than that, yes, it would have to be limited to the same committers as the
rest I think.
It's reasonably easy to set up build environments in containers/jais on
many Unix boxes where that would actually not be a problem (just blow the
whole jail away once the build is complete), but one of the main platforms
that people would want to use this on I bet is Windows, which has no such
facilities AFAIK.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
[Attachment #3 (text/html)]
<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Apr 29, 2014 \
at 9:11 PM, Jim Nasby <span dir="ltr"><<a href="mailto:jim@nasby.net" \
target="_blank">jim@nasby.net</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"> <div class="">On 4/17/14, 9:38 AM, Tom Lane wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div class=""> <blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"> But the ability to easily spin up temporary branches for \
testing would<br> >>also be great. Unfortunately, I suspect that only a \
minority of the<br> >>buildfarm owners would choose to participate, which would \
make it less<br> >>useful, but if we could solve that problem I'd be all in \
favor of it.<br> </blockquote></div>
>... Of course, all this would be done in my copious spare time*cough*. \
I'm<div class=""><br> >not sure this would be the best use of it.<br>
</div></blockquote><div class="">
I agree that this would not be worth the effort needed to make it happen.<br>
</div></blockquote>
<br>
There's also a sizeable security risk there, of someone putting something \
malicious in a branch and then triggering a run from that branch. I suppose that \
could be overcome if this was purposefully limited to the main git repo that only our \
core committers had access to, but we'd need to be careful.</blockquote> \
<div><br></div><div>I would suggest a separate repo to keep the main one \
"clean", but other than that, yes, it would have to be limited to the same \
committers as the rest I think.</div><div><br></div><div>It's reasonably easy to \
set up build environments in containers/jais on many Unix boxes where that would \
actually not be a problem (just blow the whole jail away once the build is complete), \
but one of the main platforms that people would want to use this on I bet is Windows, \
which has no such facilities AFAIK. </div> </div><div><br></div>-- <br> Magnus \
Hagander<br> Me: <a href="http://www.hagander.net/" \
target="_blank">http://www.hagander.net/</a><br> Work: <a \
href="http://www.redpill-linpro.com/" \
target="_blank">http://www.redpill-linpro.com/</a> </div></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic