Message-ID: <536D26DD.1070309@fifthhorseman.net>
Date: Fri, 09 May 2014 16:05:01 -0300
From: Daniel Kahn Gillmor
To: "Wael M. Nasreddine", notmuch@notmuchmail.org
Subject: Re: [PATCH] Add Travis-CI config file.
References: <1399645162-8653-1-git-send-email-wael.nasreddine@gmail.com>
In-Reply-To: <1399645162-8653-1-git-send-email-wael.nasreddine@gmail.com>
List-Id: "Use and development of the notmuch mail system."

On 05/09/2014 11:19 AM, Wael M. Nasreddine wrote:

> --- > .travis.yml | 10 ++++++++++ > 1 file changed, 10 insertions(+) > create mode 100644 .travis.yml >=20 > diff --git a/.travis.yml b/.travis.yml > new file mode 100644 > index 0000000..8d92cdc > --- /dev/null > +++ b/.travis.yml
> @@ -0,0 +1,10 @@ > +language: c > +before_install: > + - sudo apt-get update -qq > + - wget 'https://launchpad.net/ubuntu/+archive/primary/+files/zlib1g-= dev_1.2.8.dfsg-1ubuntu1_amd64.deb' > + - wget 'https://launchpad.net/ubuntu/+archive/primary/+files/zlib1g_= 1.2.8.dfsg-1ubuntu1_amd64.deb' > + - sudo dpkg -i zlib1g-dev_1.2.8.dfsg-1ubuntu1_amd64.deb zlib1g_1.2.8= =2Edfsg-1ubuntu1_amd64.deb

The above strikes me as a problem waiting to happen. If there are specific versions of zlib that need to be installed, and we know what the package is that needs to be installed, at the very least, the scripts to fetch each package should verify a strong cryptographic digest of the package before directly installing it from the network. If the digest doesn't match, then the script should abort with a failure, before installing the packages.

--dkg
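
Review bot: in `before_install`, the two `.deb` files fetched with `wget` go straight to `sudo dpkg -i` with nothing checking their contents, and because they are installed as local files rather than through `apt-get install`, apt's archive signature checks never see them. Pin the expected SHA-256 of each file in the repository and add a step between the downloads and the `dpkg -i` line, for example `sha256sum -c zlib.sha256` against a checked-in list (file name hypothetical), so that a mismatch fails the build before anything is installed.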
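
The check the reply asks for, written out as an added example that is not part of the original message or the notmuch tree: every package is compared against a pinned SHA-256 digest, and the installer runs only if all of them match. The function names `verify_all` and `install_verified` and the manifest name `zlib.sha256` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): check every downloaded package
# against a pinned SHA-256 digest, and run the installer only if all match.

# verify_all MANIFEST DIR
#   MANIFEST holds "<sha256-hex>  <filename>" lines (sha256sum output format).
#   Returns 0 only when every listed file exists in DIR and matches.
verify_all() {
    manifest=$1; dir=$2
    [ -s "$manifest" ] || { echo "manifest missing or empty" >&2; return 2; }
    while read -r want name || [ -n "$want" ]; do
        [ -n "$want" ] || continue                      # skip blank lines
        case $name in
            ''|*/*) echo "bad manifest entry: $want $name" >&2; return 2 ;;
        esac
        [ -f "$dir/$name" ] || { echo "missing: $name" >&2; return 1; }
        got=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "digest mismatch: $name" >&2
            return 1
        fi
    done < "$manifest"
    return 0
}

# install_verified MANIFEST DIR INSTALLER [ARGS...]
#   Appends the verified file paths to INSTALLER and runs it. If any digest
#   check fails, it returns non-zero and INSTALLER is never started.
install_verified() {
    manifest=$1; dir=$2; shift 2
    verify_all "$manifest" "$dir" || { echo "aborting before install" >&2; return 1; }
    while read -r want name || [ -n "$want" ]; do
        if [ -n "$want" ]; then set -- "$@" "$dir/$name"; fi
    done < "$manifest"
    "$@"
}

# Usage in a CI step (zlib.sha256 is a constructed manifest name):
#   install_verified zlib.sha256 . sudo dpkg -i
```

The manifest has to be committed alongside the CI configuration, so the digests come from the reviewed repository and not from the same download that delivers the packages.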