Add zarb MLs html archivesHEADmaster

1 files changed, 109 insertions, 0 deletions

diff --git a/zarb-ml/mageia-dev/20100927/000282.html b/zarb-ml/mageia-dev/20100927/000282.html
new file mode 100644
index 000000000..82366f18b
--- /dev/null
+++ b/zarb-ml/mageia-dev/20100927/000282.html
@@ -0,0 +1,109 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+   <TITLE> [Mageia-dev] Will this work for a build system?
+   </TITLE>
+   <LINK REL="Index" HREF="index.html" >
+   <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Will%20this%20work%20for%20a%20build%20system%3F&In-Reply-To=%3C201009262349.32146.bgmilne%40multilinks.com%3E">
+   <META NAME="robots" CONTENT="index,nofollow">
+   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+   
+   <LINK REL="Next"  HREF="000280.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+   <H1>[Mageia-dev] Will this work for a build system?</H1>
+    <B>Buchan Milne</B> 
+    <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Will%20this%20work%20for%20a%20build%20system%3F&In-Reply-To=%3C201009262349.32146.bgmilne%40multilinks.com%3E"
+       TITLE="[Mageia-dev] Will this work for a build system?">bgmilne at multilinks.com
+       </A><BR>
+    <I>Mon Sep 27 00:49:31 CEST 2010</I>
+    <P><UL>
+        
+        <LI>Next message: <A HREF="000280.html">[Mageia-dev] Will this work for a build system?
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#282">[ date ]</a>
+              <a href="thread.html#282">[ thread ]</a>
+              <a href="subject.html#282">[ subject ]</a>
+              <a href="author.html#282">[ author ]</a>
+         </LI>
+       </UL>
+    <HR>  
+<!--beginarticle-->
+<PRE>On Sunday, 26 September 2010 18:14:15 Giuseppe Ghib&#242; wrote:
+&gt;<i> IMHO the idea of the cloud is not that bad
+</I>
+It has obviously already been thought about to some extent.
+
+&gt;<i> but need to be rethinked. I
+</I>&gt;<i> don't see so much flaws for security. If you inspire to what repsys is
+</I>&gt;<i> right now, the cloud would be like having several svn repositories
+</I>&gt;<i> mirrored around the world each one with a local iurt/repsys building
+</I>&gt;<i> system (it might be even partial, e.g. there could be BIG ones holding the
+</I>&gt;<i> whole svn|git tree, and smaller one holding just the latest release or the
+</I>&gt;<i> latest two releases, etc.). Each building system around the world will
+</I>&gt;<i> sign packages they build with their own signing keys and you know where
+</I>&gt;<i> they come from. And packages won't be resigned by a supposed master. Of
+</I>&gt;<i> course you have to trust their administrators, exactly like you right now
+</I>&gt;<i> have to trust single users submitting sources to the svn and bulding
+</I>&gt;<i> packages.
+</I>
+No, at present we trust users to submit source code, that can in theory be 
+audited quite easily.
+
+Changing a distributed model means you need to trust all users who have any 
+way to affect any of the toolchain on any of the hosts (taking into account 
+e.g. compiler trojans), or you need mechanisms to be able to validate it the 
+toolchain. While this could be done with a slow-moving distro, with a fast-
+moving one, where parts of the toolchain and integral libraries change on a 
+more-frequent-than-weekly basis, the manual overhead to update signed 
+filesystem images or similar would probably be excessive.
+
+Changing to a distributed, virtualised model brings in more issues (how about 
+trojaned hypervisor?), while possibly allowing to mitigate some ...
+
+What we could do in a more distributed fashion (e.g. on EC2 or similar), is 
+providing instances on which developers test/develop builds (such as the 
+interactive use of n*, chroot* etc. on Mandriva).
+
+&gt;<i> The most difficult things IMHO would be building from the same syncronized
+</I>&gt;<i> data. In that case you might choose a master server and several mirrors.
+</I>&gt;<i> The master might have multiple internet access points (e.g. from two
+</I>&gt;<i> providers) and will be the only one who might receive svn commits. Or a
+</I>&gt;<i> model without a master, I guess inspiring to a model what UseNET is (was),
+</I>&gt;<i> I think a lot more complicate. But in that case you have two direction of
+</I>&gt;<i> feeding and if two libraries are submitted in different user in nearest
+</I>&gt;<i> time, you need a system to check for coerency and set alarms in some
+</I>&gt;<i> cases.
+</I>&gt;<i> 
+</I>&gt;<i> IMHO one of the building problems was not massive automatic rebuilding but
+</I>&gt;<i> avoid bottenlecks to the users when building goes wrong.
+</I>
+But, there aren't usually very many cases like this which can be solved by 
+distributing outside the control of the foundation. A standby build 
+environment to go with a standby authoritative mirror host would be nice, but 
+it would need to same security as the production authoritative mirror host.
+
+Regards,
+Buchan
+</PRE>
+
+<!--endarticle-->
+    <HR>
+    <P><UL>
+        <!--threads-->
+	
+	<LI>Next message: <A HREF="000280.html">[Mageia-dev] Will this work for a build system?
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#282">[ date ]</a>
+              <a href="thread.html#282">[ thread ]</a>
+              <a href="subject.html#282">[ subject ]</a>
+              <a href="author.html#282">[ author ]</a>
+         </LI>
+       </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>