From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001
From: Nicolas Vigier <boklm@mageia.org>
Date: Sun, 14 Apr 2013 13:46:12 +0000
Subject: Add zarb MLs html archives

---
 zarb-ml/mageia-dev/20100927/000295.html | 107 ++++++++++++++++++++++++++++++++
 1 file changed, 107 insertions(+)
 create mode 100644 zarb-ml/mageia-dev/20100927/000295.html

(limited to 'zarb-ml/mageia-dev/20100927/000295.html')

diff --git a/zarb-ml/mageia-dev/20100927/000295.html b/zarb-ml/mageia-dev/20100927/000295.html
new file mode 100644
index 000000000..6a6f5ac3f
--- /dev/null
+++ b/zarb-ml/mageia-dev/20100927/000295.html
@@ -0,0 +1,107 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+   <TITLE> [Mageia-dev] Will this work for a build system?
+   </TITLE>
+   <LINK REL="Index" HREF="index.html" >
+   <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Will%20this%20work%20for%20a%20build%20system%3F&In-Reply-To=%3CAANLkTikjmMcDvmtwAZ_Qw3Q%2BWj5B%3Dg8F5sL9RiPnCGa5%40mail.gmail.com%3E">
+   <META NAME="robots" CONTENT="index,nofollow">
+   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+   <LINK REL="Previous"  HREF="000292.html">
+   <LINK REL="Next"  HREF="000296.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+   <H1>[Mageia-dev] Will this work for a build system?</H1>
+    <B>Giuseppe Ghib&#242;</B> 
+    <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Will%20this%20work%20for%20a%20build%20system%3F&In-Reply-To=%3CAANLkTikjmMcDvmtwAZ_Qw3Q%2BWj5B%3Dg8F5sL9RiPnCGa5%40mail.gmail.com%3E"
+       TITLE="[Mageia-dev] Will this work for a build system?">ghibomgx at gmail.com
+       </A><BR>
+    <I>Mon Sep 27 11:51:19 CEST 2010</I>
+    <P><UL>
+        <LI>Previous message: <A HREF="000292.html">[Mageia-dev] Will this work for a build system?
+</A></li>
+        <LI>Next message: <A HREF="000296.html">[Mageia-dev] Will this work for a build system?
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#295">[ date ]</a>
+              <a href="thread.html#295">[ thread ]</a>
+              <a href="subject.html#295">[ subject ]</a>
+              <a href="author.html#295">[ author ]</a>
+         </LI>
+       </UL>
+    <HR>  
+<!--beginarticle-->
+<PRE>2010/9/27 Michael Scherer &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">misc at zarb.org</A>&gt;
+
+&gt;<i> Le lundi 27 septembre 2010 &#224; 03:19 +0200, vfmBOFH a &#233;crit :
+</I>&gt;<i> &gt; What about virtualization?
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; Maybe we could set-up some kind of cluster of remote and dedicated
+</I>&gt;<i> &gt; vm's as a
+</I>&gt;<i> &gt; unique build system. Could be a good workaround over security and
+</I>&gt;<i> &gt; integrity issues, 'cause we are using a &quot;single&quot; build system.
+</I>&gt;<i>
+</I>&gt;<i> Well, how do you garantee that the person who have physical access do
+</I>&gt;<i> not mess with the vm image ?
+</I>&gt;<i>
+</I>&gt;<i> Look at libvirt developers blog ( <A HREF="http://rwmj.wordpress.com/">http://rwmj.wordpress.com/</A> ) to see
+</I>&gt;<i> how easy it can be to externally mess with a virtual instance if you are
+</I>&gt;<i> root on the host computer.
+</I>&gt;<i> --
+</I>&gt;<i> Michael Scherer
+</I>&gt;<i>
+</I>&gt;<i>
+</I>The only way of doing this is NOT letting anyone packaging or uploading a
+tarball. Just have two different building system. One &quot;secure&quot; and the other
+of contributors (not unsecure, but with less checking). The secure one would
+download the tarball automatically from the original repositories:
+
+e.g.: suppose there is a package SPEC file containing:
+
+Source: <A HREF="http://blabla.com/openssh-5.5-1.tar.xz">http://blabla.com/openssh-5.5-1.tar.xz</A>
+Source1: <A HREF="http://blabla.com/openssh-5.5.1.tar.sig">http://blabla.com/openssh-5.5.1.tar.sig</A>
+
+An automatic system would try to retrieve from the <A HREF="http://blabla.com/">http://blabla.com/</A> site
+the packages
+<A HREF="http://blabla.com/openssh-5.5-1.tar.xz,">http://blabla.com/openssh-5.5-1.tar.xz,</A> or if not exists
+<A HREF="http://blabla.com/openssh-5.5-1.tar.bz2">http://blabla.com/openssh-5.5-1.tar.bz2</A> or
+<A HREF="http://blabla.com/openssh-5.5-1.tar.gz">http://blabla.com/openssh-5.5-1.tar.gz</A> or
+<A HREF="http://blabla.com/openssh-5.5-1.tar.">http://blabla.com/openssh-5.5-1.tar.</A> Then would retrieve the signature
+<A HREF="http://blabla.com/openssh-5.5.1.tar.sig">http://blabla.com/openssh-5.5.1.tar.sig</A> and would check with the one from
+the Database of signatures which has been already populated on the secure
+system. If the signatures checking would match, then tarball would be
+uploaded to the &quot;secure&quot; system svn and used for building instead of the one
+from the contributor/package maintainer.
+
+[Of course the system would fail if the package maintainer has downloaded
+the source tarball from the svn and not from a canonical repository, and to
+be further secure this system would require also signing of Patches].
+
+Bye.
+Giuseppe.
+-------------- next part --------------
+An HTML attachment was scrubbed...
+URL: &lt;/pipermail/mageia-dev/attachments/20100927/dc48d94c/attachment.html&gt;
+</PRE>
+
+
+<!--endarticle-->
+    <HR>
+    <P><UL>
+        <!--threads-->
+	<LI>Previous message: <A HREF="000292.html">[Mageia-dev] Will this work for a build system?
+</A></li>
+	<LI>Next message: <A HREF="000296.html">[Mageia-dev] Will this work for a build system?
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#295">[ date ]</a>
+              <a href="thread.html#295">[ thread ]</a>
+              <a href="subject.html#295">[ subject ]</a>
+              <a href="author.html#295">[ author ]</a>
+         </LI>
+       </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
-- 
cgit v1.2.1