Re: [Xen-devel] Critique of the Xen Security Process
> On 11 Nov 2015, at 09:43, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote:
>
>> Project Raisin is aiming to help with this
>
> Indeed, and it might also allow us to make some of the above options the
> default in the future.
>
> Maybe in the meantime perhaps a ./configure --ensure-offline or
> --disable-downloads which:
> * either disables stubdoms automatically or checks you've passed
>   --disable-stubdom as well
> * either disables all the other things which might be cloned or requires
>   the corresponding --with-system-foo=, or has a guess at a default system
>   version
> * sets FETCHER to /bin/false
>
> would be useful? (essentially as a guard against new options being required
> to turn stuff off).
>
>> but it doesn't seem
>> to have a lot of community effort behind it and it too attempts to
>> install dependencies on my machine and wants to be run with sudo.
>
> I believe it has a mode where it simply checks for dependencies and tells
> you what is required and thereby avoids the need for sudo, but I'm not
> sure.

It seems that raisin may provide a good baseline for the "build process security", but it would of course be good to hear this from others who have raised this issue. Assuming it is (we probably need a few ACKs for this), would it make sense to take this into a separate thread then (with an appropriate CC list), and refer to it from here?

Regards
Lars

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel