Quoting Luca Boccassi (2024-06-12 14:55:13)
> On Wed, 12 Jun 2024 at 13:47, Jonas Smedegaard <jo...@jones.dk> wrote:
[...]
> > > > Luca Boccassi writes ("Re: [RFC] General Resolution to deploy
> > > > tag2upload"):
> > > > > As far as I can tell, from what was shared in these documents, the
> > > > > security feature needed is an append-only repository, with safeguards
> > > > > that an individual developer cannot bypass. As far as I can tell, the
> > > > > same setup can be achieved with repository ACLs, and it would have the
> > > > > same vulnerability: an admin with full access to the server can bypass
> > > > > such measures, in either case. Is there something else I am missing?
[...]
> > I read the analysis more that two systems is better than one thousand
> > systems.
> >
> > I.e. centralizing (compared to building done on developers' systems)
> > to a system that can be analyzed (which Gitlab is quite a challenge
> > to do).
>
> "centralize the risk as much as possible" applies to both cases, as
> does the justification for it. And again, Salsa is already part of the
> solution, so this argument doesn't seem very strong to me.

No, not centralizing as much as possible, only as much as sensible.

You apparently find it equally sensible, specifically as a security
measure, a) apply ACLs on an otherwise massively multi-user-write-access
host and b) use a separate far-less-featured host.

You claim that both setups have equal vulnerabilities. I disagree.

I think you are mistaken - and no, it is totally irrelevant for this
accusation whether or not I am a fan of Salsa, and whether or not I
represent a loud or silent minority or majority. This is not about me.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private