|Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.|
On 14/09/2011 7:09 AM, Denis Roy wrote:
On 09/14/2011 10:02 AM, Ed Merks wrote:Compare binaries? Builds often produce different results because some aspect of a time stamp is encoded in the build result, e.g., the qualifier... (Eike was telling me that his Javadoc build produces different results from time-to-time when applied to the same source.)I agree with Doug.Off the top of my head:
Getting one build working is already a huge challenge getting two producing identical results. Have fun release engineers....
Same problem as before. We do expect each build to be different. So this suggestion comes down to replicating builds such that they produce identical results and then relying on the replicas having different security characteristics such that they won't both be compromised in the same way. It's a nice idea, but, good luck to the release engineers on that one...
I can feel my brain overflowing and numbing just at the thought of this.
When I hack it, I'll make sure it doesn't do anything until the 10th time someone runs it, or until the next leap day, or at a random point in the future.
No, but it's still a reasonable question. In the end, it's all about balancing risks and so intelligent people will differ in their opinion.
Back to the top