<div dir="ltr">On Fri, May 29, 2015 at 1:48 PM Jeremy Stanley <<a href="mailto:fungi@yuggoth.org">fungi@yuggoth.org</a>> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 2015-05-28 23:09:41 +0200 (+0200), Thomas Goirand wrote:<br>> Also, it is my understanding that infra will not accept to use<br>
> long-living VMs, and prefer to spawn new instances.<br>
<br>
Right, after we run arbitrary user-submitted code on a server, we cease to be able to trust it and so immediately delete and replace
it.<br></blockquote><div> <br></div><div>I think is unnecessarily maximalist. Trust is not an all-or-nothing boolean flag: why can't you trust that server to do more work at the same level of trust and run another batch of user-submitted code?<br></div></div></div>