Date: Wed, 23 May 2012 07:34:06 -0700 From: Colin Percival <cperciva@freebsd.org> To: Baptiste Daroussin <bapt@FreeBSD.org> Cc: Martin Wilke <miwi@FreeBSD.org>, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org, Pav Lucistnik <pav@FreeBSD.org>, cvs-ports@FreeBSD.org, Bernhard Froehlich <decke@FreeBSD.org> Subject: Re: cvs commit: ports/databases/pg_filedump Makefile Message-ID: <4FBCF55E.1090709@freebsd.org> In-Reply-To: <20120523140611.GA64580@ithaqua.etoilebsd.net> References: <201205231334.q4NDYCMQ078804@repoman.freebsd.org> <1337780396.2024.2.camel@pav.hide.vol.cz> <9b15e44319f017bff90bc3caa1de79d9@bluelife.at> <1337781238.2024.7.camel@pav.hide.vol.cz> <20120523140611.GA64580@ithaqua.etoilebsd.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 05/23/12 07:06, Baptiste Daroussin wrote: > Should network access be restricted at any moment during the package > building, on automated build environment, if yes what phases are to be > expected to be restricted? Wearing my Security Officer Emeritus hat: How about all of them? For automated package building I'd like to see distfiles fetched onto a dedicated distfile mirroring system and package builders fetching bits from there. One system to provide source distfiles, one system to accept built packages, and one system to control them all and in the cluster... *cough* never mind. -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FBCF55E.1090709>