Hi, Jeremy,
Jeremy Drake wrote:
>>> Another possibility would be to test these patches in some kind of virtual
>>> machine that gets blown away every X days, so that even if someone did get
>>> something malicious in there it wouldn't last long.
>
> Or just have a snapshot which is reverted after each run, and read-only
> access to files used to do the build. I know vmware supports this,
> probably others too...
A chroot / fakeroot combined with unionfs should do the same, probably
with less effort. There are other user-mode jail projects that also
block networking.
Markus
--
Markus Schaber | Logical Tracking&Tracing International AG
Dipl. Inf. | Software Development GIS
Fight against software patents in Europe! www.ffii.org
www.nosoftwarepatents.org