Similar to the build farm VMs used in the "Launchpad PPAs," the VM should reset its state after building a package. It should not, for instance, retain the build dependencies that it had to install before building the package. The state should be reset between each build.
This would certainly make the build process slower, but would significantly reduce attack surface.
It may be reasonable to allow the requisite initial apt-get update && apt-get upgrade (which is executed before installing build dependencies, etc.) to permanently alter the VM's state -- this would be much more convenient than requiring periodic upgrades.
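One way to realise the split described above, as an added example that is not from the original post: a libvirt snapshot taken right after apt-get update && apt-get upgrade is the only persistent state, and every build reverts to it before and after installing its build dependencies. The domain name build-vm, the ssh login used to reach the guest, the snapshot name and the use of libvirt/virsh are all assumptions for this example.

```shell
#!/bin/sh
# Constructed example: persistent upgraded base + ephemeral per-build state.
set -eu

VM="${VM:-build-vm}"                          # libvirt domain name (assumed)
VIRSH="${VIRSH:-virsh}"                       # overridable so the flow can be dry-run
GUEST_SH="${GUEST_SH:-ssh build@build-vm}"    # how commands reach the guest (assumed)
BASE_SNAP="${BASE_SNAP:-clean-base}"          # the one piece of state allowed to persist

# The only permitted permanent change: refresh the base, then re-take the clean snapshot.
upgrade_base() {
    $GUEST_SH "sudo apt-get update && sudo apt-get -y upgrade"
    $VIRSH snapshot-delete "$VM" "$BASE_SNAP" 2>/dev/null || true
    $VIRSH snapshot-create-as "$VM" "$BASE_SNAP"
}

# Build one source package. Build-deps are installed into the VM, but the VM is
# reverted to the clean snapshot afterwards, so nothing the build did survives.
# $1 = source package name, $2 = host path to receive a tar of the built .deb files
build_package() {
    src="$1"; out="$2"
    # Start from the clean base even if a previous build crashed before reverting.
    $VIRSH snapshot-revert "$VM" "$BASE_SNAP"
    status=0
    $GUEST_SH "mkdir -p /tmp/build && cd /tmp/build \
        && sudo apt-get -y build-dep '$src' \
        && apt-get -y source -b '$src' \
        && tar c *.deb" > "$out" || status=$?
    # Always discard the build's state, whether or not the build succeeded.
    $VIRSH snapshot-revert "$VM" "$BASE_SNAP"
    return $status
}
```

Artifacts are streamed out over the guest command's stdout, so nothing has to be copied from the VM after it has been reverted.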