david_chisnall on Nostr:
nprofile…8x0h I’d be very nervous using that for tenant isolation. Is there a reason not to use ephemeral VMs (which have a much smaller attack surface than a Linux kernel) for CI as other providers do? I’m not sure what your host infrastructure looks like, but creating ZFS clones of base VM images should be as fast as creating a container filesystem and a modern OS can boot in under a second (FreeBSD on Firecracker can boot in under 25ms, I think Linux is a bit slower but a similar ballpark, so there’s no noticeable latency for users).