id,summary,reporter,owner,description,type,status,priority,milestone,component,resolution,keywords,cc,fix_version,see_also 88,Lock down chroots on debuild.mit.edu,tabbott,,"We should find a mechanism to lock down chroots on debuild.mit.edu. Users need to become root within the build chroots to install packages. Normally, chrooting isn't considered a security mechanism, and so by design it's possible for root to escape from a chroot, meaning that any user who has root within the build chroot can potentially acquire root outside of the chroot. This is a blocker for any sort of setup where debuild.mit.edu is open to the community.",enhancement,closed,trivial,,--,wontfix,,,,