Comments (9)
elliottslaughter
commented on May 18, 2024
I assume you handle dependencies when you add something to the whitelist? Otherwise I'll need to add more issues to cover the dependencies.
from apt-package-safelist.
BanzaiMan
commented on May 18, 2024
Ran tests and found setuid bits. See https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/72229412.
from apt-package-safelist.
elliottslaughter
commented on May 18, 2024
What line number(s) are you talking about?
These are the headers for the clang-3.5 package, which is already on the whitelist. To the best of my knowledge, there shouldn't be any binaries here, setuid or otherwise. When I glanced through the output of the log, it looked like the references to setuid were mostly associated with compiler and library support for syscalls. But anything contained in this package should merely be the headers and/or source corresponding to the already-whitelisted clang-3.5 binaries.
from apt-package-safelist.
BanzaiMan
commented on May 18, 2024
Ran tests and found setuid bits. See https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/72284973.
from apt-package-safelist.
elliottslaughter
commented on May 18, 2024
Rerun.
from apt-package-safelist.
anirudhSK
commented on May 18, 2024
Will this make it to the whitelist? I have a project that depends on this, and it's a little odd that libclang-3.4 through libclang-3.8 are all on the whitelist except for libclang-3.5
from apt-package-safelist.
elliottslaughter
commented on May 18, 2024
I'd suggest you email support to ask and let them know you're blocked on it ([email protected]). Last time I emailed them (around late September), this is what I got:
Firstly, we do plan to continue supporting the current Precise based environment that provides sudo access until we have a full replacement for it based on Trusty, as many of our users have a variety of build needs that mean they aren't best suited for a container based build.
At this time the apt whitelist is a trade-off we make to enable us support container based builds and being able to provide the increased boot and runtime speed they can bring to many builds, while also being able to support this in a multi-tenant fashion.
We do monitor the queue and we are aware that issues for more complicated sources and packages often do take a while to get processed, as we have to review them all for any possible privilege escalation scenarios they could introduce to the container based infrastructure.
We are working to increase the turn around time on this but it ultimately comes down to manpower for a lot of it.
We understand your frustration with the current turn around time though and appreciate you taking the time to send us feedback.
Please let us know if we can answer any other questions
from apt-package-safelist.
anirudhSK
commented on May 18, 2024
@elliottslaughter , thanks much for forwarding this email. I didn't realize until I saw your email that the Precise-based non-container environment was still available. Switching to that unblocked me for the time being, although I would like the convenience of containers long term. I will write to them about it.
from apt-package-safelist.
meatballhat
commented on May 18, 2024
This is now available for Trusty 👍
from apt-package-safelist.
Related Issues (20)
- APT whitelist request for libqdbm-dev in trusty HOT 2
- APT whitelist request for libslang2-dev in trusty HOT 2
- APT whitelist request for lynx in trusty HOT 2
- APT whitelist request for postgresql-10 in trusty HOT 2
- APT whitelist request for postgresql-client-10 in trusty HOT 2
- APT whitelist request for cabal-install-2.2 in Trusty HOT 3
- APT whitelist request for ghc-8.2.2 in Trusty HOT 2
- APT whitelist request for ghc-8.4.2 in Trusty HOT 2
- APT whitelist request for pastebinit in TRUSTY
- old clang not available on Precise anymore HOT 1
- APT safelist request for singular in trusty HOT 1
- APT whitelist request for meshlab in trusty
- APT whitelist request for blender in TRUSTY HOT 1
- APT whitelist request for openscad in TRUSTY
- APT safelist request for gstreamer0.10-plugins-ugly in trusty
- APT safelist request for tabix in TRUSTY
- APT safelist request for libportmidi0 in trusty
- APT safelist request for libsndio-dev in trusty
- .travis.yml: The 'sudo' tag is now deprecated in Travis CI
- APT whitelist request for lua-check in trusty
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from apt-package-safelist.