[Python-Dev] [issue1633863] AIX: configure ignores $CC

["Martin v. Löwis"]

Hi Sebastien,

> Unfortunately, I don't think this solution is possible for me: I don't
> think the security team in my company would appreciate that a server
> inside our network runs some arbitrary shell commands provided by some
> external source.

I still think this would be the best thing, and I feel that from a 
security point of view, it doesn't really differ from what you are
doing now already - see below.

> Neither can I expose the buildbot master web interface.

That shouldn't be necessary.

> Also I had to customize the buildbot rules in order to work with some
> specificities of AIX (see attached master.cfg), and I can't guarantee
> that this buildbot will run 24 hours a day; I may have to schedule it
> only once at night for example if it consumes too much resources.
>
> (And the results are very unstable at the moment, mostly because of
> issue 9862).

If you are having the build slave compile Python, I'd like to point
out that you *already* run arbitrary shell commands provided by
some external source: if somebody would check some commands into 
Python's configure.in, you would unconditionally execute them.
So if it's ok that you run the Python build process at all, it should
(IMO) also be acceptable to run a build slave.

If there are concerns that running it under your Unix account gives it
too much power, you should create a separate, locked-down account.

> On the other hand, I could upload the build results with rsync or scp
> somewhere or setup some MailNotifier if that can help.
>
> How do you think I could share those results?

I'd be hesitant to support this as a special case. If the results
are not in the standard locations, people won't look at them, anyway.
Given that one often also needs access to the hardware in order to
fix problems, it might be sufficient if only you look at the buildslave
results, and create bug reports whenever you notice a problem.

Regards,
Martin