launchpad-reviewers team mailing list archive

Thread
Date

[Merge] ~jugmac00/launchpad-buildd:add-information-about-architecture-on-production into launchpad-buildd:master

To: mp+444925@xxxxxxxxxxxxxxxxxx
From: Jürgen Gmach <mp+444925@xxxxxxxxxxxxxxxxxx>
Date: Fri, 16 Jun 2023 14:54:19 -0000
Reply-to: mp+444925@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

Jürgen Gmach has proposed merging ~jugmac00/launchpad-buildd:add-information-about-architecture-on-production into launchpad-buildd:master.

Commit message:
Add additional information about production archtitecture

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~jugmac00/launchpad-buildd/+git/launchpad-buildd/+merge/444925
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~jugmac00/launchpad-buildd:add-information-about-architecture-on-production into launchpad-buildd:master.

diff --git a/docs/explanation/deployment.rst b/docs/explanation/deployment.rst
index 1f0d3fa..8073200 100644
--- a/docs/explanation/deployment.rst
+++ b/docs/explanation/deployment.rst
@@ -8,3 +8,13 @@ https://launchpad.net/~canonical-is-sa/+archive/ubuntu/buildd.  This is done
 by
 https://code.launchpad.net/~canonical-sysadmins/canonical-is-charms/launchpad-buildd-image-modifier
 (currently private, sorry).
+
+Using virtual machines rather than containers was a deliberate decision:
+
+- avoiding issues with nested containerization and
+- containers are not secure enough against being escaped by malicious code
+
+Please note that for
+`Launchpad CI <https://help.launchpad.net/Code/ContinuousIntegration>`_
+we additionally run LXD containers inside the virtual machines via
+`lpci <https://lpci.readthedocs.io/en/latest/>`_.