[Python-Dev] Buildbot for AIX
Sébastien Sablé
sable at users.sourceforge.net
Mon Sep 20 16:34:35 CEST 2010
Hi Martin,
Le 17/09/2010 14:42, "Martin v. Löwis" a écrit :
> If you are having the build slave compile Python, I'd like to point
> out that you *already* run arbitrary shell commands provided by
> some external source: if somebody would check some commands into
> Python's configure.in, you would unconditionally execute them.
> So if it's ok that you run the Python build process at all, it should
> (IMO) also be acceptable to run a build slave.
>
> If there are concerns that running it under your Unix account gives it
> too much power, you should create a separate, locked-down account.
Someone messing with the configure script in python svn would probably
get noticed very quickly, but I agree this is also a security risk, and
the buildbot slave runs with a user with limited privileges.
I will try to convince the IT Team that this is an acceptable risk and
setup a chroot or something like that for the buildbot slave. That may
take some time.
Also could you provide me the master.cfg file (with obfuscated
passwords) that is used by the Python buildbot master or tell me if it
is in subversion somewhere?
I would like to make my script as close as possible to yours, in order
to propose a patch for the AIX specific flags that have to be used for
compilation on this platform when everything will be stable enough.
Regards
--
Sébastien Sablé
More information about the Python-Dev
mailing list