From owner-cvs-all@FreeBSD.ORG  Wed May 23 14:35:07 2012
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id ECDF4106567A
	for <cvs-all@freebsd.org>; Wed, 23 May 2012 14:35:07 +0000 (UTC)
	(envelope-from bounces+73574-0f5f-cvs-all=freebsd.org@sendgrid.me)
Received: from o3.shared.sendgrid.net (o3.shared.sendgrid.net [208.117.48.85])
	by mx1.freebsd.org (Postfix) with SMTP id 8C1D68FC16
	for <cvs-all@freebsd.org>; Wed, 23 May 2012 14:35:07 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sendgrid.info; h=
	message-id:date:from:mime-version:to:cc:subject:references
	:in-reply-to:content-type:content-transfer-encoding; s=smtpapi;
	bh=5kktXbcBLTcUwqX+apSFuDDfmjw=; b=fnJrq92YCTh2Y9xK5uGJlMlnFK3u
	793Aiqy3614gqSysebwowYLT9IcF/xIEA02Z4NxyBApJ5kMPo6YDetpY/8wevw/H
	CRKKBGn+YsEfIs7YbKOc5owSR/9LlxCQUtvOm25UDI2BYqxzjEmBuOB2Gvwxpf6t
	OBts6TFZ7duEleQ=
Received: by 10.12.16.10 with SMTP id mf41.29053.4FBCF5948
	Wed, 23 May 2012 09:35:00 -0500 (CDT)
Received: from mail.tarsnap.com (unknown [10.9.180.5])
	by mi15 (SG) with ESMTP id 4fbcf594.6b62.27a1a2
	for <cvs-all@FreeBSD.org>; Wed, 23 May 2012 09:35:00 -0500 (CST)
Received: (qmail 77029 invoked from network); 23 May 2012 14:27:47 -0000
Received: from unknown (HELO clamshell.daemonology.net) (127.0.0.1)
	by mail.tarsnap.com with ESMTP; 23 May 2012 14:27:47 -0000
Received: (qmail 15479 invoked from network); 23 May 2012 14:34:06 -0000
Received: from unknown (HELO clamshell.daemonology.net) (127.0.0.1)
	by clamshell.daemonology.net with SMTP; 23 May 2012 14:34:06 -0000
Message-ID: <4FBCF55E.1090709@freebsd.org>
Date: Wed, 23 May 2012 07:34:06 -0700
From: Colin Percival <cperciva@freebsd.org>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
	rv:12.0) Gecko/20120509 Thunderbird/12.0.1
MIME-Version: 1.0
To: Baptiste Daroussin <bapt@FreeBSD.org>
References: <201205231334.q4NDYCMQ078804@repoman.freebsd.org>
	<1337780396.2024.2.camel@pav.hide.vol.cz>
	<9b15e44319f017bff90bc3caa1de79d9@bluelife.at>
	<1337781238.2024.7.camel@pav.hide.vol.cz>
	<20120523140611.GA64580@ithaqua.etoilebsd.net>
In-Reply-To: <20120523140611.GA64580@ithaqua.etoilebsd.net>
X-Enigmail-Version: 1.5pre
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Sendgrid-EID: 8/Erxx0CtwltpqMwivyBUMXfKD0tWH7uaJdGxs4iteX14+mzfDlq35XrHpOdjX523BpCQf+YJDU5By/S8/wqELLiZOy2xoQOlUbKlz4zoS6pFXANKlYU7IUvPAiux51XjoKH1qXdhivoeOIUcvwbrA==
Cc: Martin Wilke <miwi@FreeBSD.org>, cvs-all@FreeBSD.org,
	ports-committers@FreeBSD.org, Pav Lucistnik <pav@FreeBSD.org>,
	cvs-ports@FreeBSD.org, Bernhard Froehlich <decke@FreeBSD.org>
Subject: Re: cvs commit: ports/databases/pg_filedump Makefile
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the entire tree
	<cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2012 14:35:08 -0000

On 05/23/12 07:06, Baptiste Daroussin wrote:
> Should network access be restricted at any moment during the package
> building, on automated build environment, if yes what phases are to be
> expected to be restricted?

Wearing my Security Officer Emeritus hat: How about all of them?  For automated
package building I'd like to see distfiles fetched onto a dedicated distfile
mirroring system and package builders fetching bits from there.

One system to provide source distfiles, one system to accept built packages, and
one system to control them all and in the cluster... *cough* never mind.

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid