|Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.|
On 09/14/2011 10:02 AM, Ed Merks wrote:
I agree with Doug.Off the top of my head:
1. run a build on a remote system and compare the pre-signed binaries.
2. run a past build and compare today's binaries with those in the past.
3. run a build and examine the execution trace.
4. run a build, run the executable and examine network output for unknown activity.
Go download the latest Linux Kernel from Kernel.org and tell me if there is ever a more appropriate time than 'now' to discuss security.I also have to question whether this change during the SR1 shutdown phase is appropriate timing...
Back to the top