by ojkelly
1187 days ago
A lot of things could also potentially compromise a long-lived build server, to the point where it’s better not to be long lived. If it’s not practical to use a fresh machine/VM/container/function for each build, at least rotate them out more than once a day. You need full repeatable control over the execution environment for hermetic builds. I also agree Rust needs to either fix or mitigate this. One option you have is to disable networking on the build machine.