GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Cloud Manul (cloud_manul@nrw.social)'s status on Saturday, 30-Mar-2024 09:44:08 JST Cloud Manul Cloud Manul
    • Haelwenn /элвэн/ :triskell:
    • Rich Felker

    @thesamesam @lanodan @dalias @mirabilos Hmm, I am not familiar with too many build engines in the OSS area, but the one I frequent (openSUSE build service) disables any network connection during the build itself. If a package needs something fetched from the Internet before the build starts, it must declare it, and the downloaded artefacts become part of the build archive/documentation.

    In conversation about a year ago from nrw.social permalink
    • Embed this notice
      Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 30-Mar-2024 09:44:06 JST Haelwenn /элвэн/ :triskell: Haelwenn /элвэн/ :triskell:
      in reply to
      • Rich Felker
      @cloud_manul @thesamesam @dalias @mirabilos It's a fairly usual case among distros but sadly there's few times where you end up enabling network access and sadly it's not always nicely flexible (like IIRC git-based recipes in gentoo aren't sandboxed from the network…).
      In conversation about a year ago permalink
    • Embed this notice
      Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 30-Mar-2024 09:59:50 JST Haelwenn /элвэн/ :triskell: Haelwenn /элвэн/ :triskell:
      in reply to
      • feld
      • Rich Felker
      @feld @dalias @cloud_manul @thesamesam @mirabilos Oh I'm pretty sure there's still systems out there without sandboxing in fact Alpine's abuild isn't network isolated.
      Pretty visible for things like Go packages where network isolation means either a ton of dependencies or ton of source tarballs (which is a bit why I barely touch anything go anymore).
      In conversation about a year ago permalink
    • Embed this notice
      feld (feld@bikeshed.party)'s status on Saturday, 30-Mar-2024 09:59:51 JST feld feld
      in reply to
      • Haelwenn /элвэн/ :triskell:
      • Rich Felker
      @lanodan @cloud_manul @thesamesam @dalias @mirabilos I think FreeBSD was one of the last to have sandboxed builds by default. People used to wreck their systems just building/installing installing ports (packages) locally because they weren't even chrooted lol

      I think that was completely fixed around 2010?
      In conversation about a year ago permalink
    • Embed this notice
      feld (feld@bikeshed.party)'s status on Saturday, 30-Mar-2024 10:00:38 JST feld feld
      in reply to
      • Haelwenn /элвэн/ :triskell:
      • feld
      • Rich Felker
      @lanodan @cloud_manul @thesamesam @dalias @mirabilos I remember it was like "I need to upgrade MySQL for this customer here we go"

      - stop MySQL
      - start the build
      - immediately it deletes the existing working packages / libraries
      - now you're in limbo. If it breaks for any reason the system is left in an insanely broken state.
      - now is when you have a nervous breakdown on the phone with the client
      In conversation about a year ago permalink
      Haelwenn /элвэн/ :triskell: likes this.

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.