Hey, can anyone guide me on how to take octet stream as input in API and/or how to convert octet stream to byte array using golang
On Thu, Dec 13, 2018 at 5:14 PM snmed <sandro.p.da...@gmail.com> wrote: > I'm not sure if i fully understand your point on "vetted binaries", but if > every source code is vetted and then transferred to the isolated > environment, there should not be a problem with security issues. All the > developer machine living already in the same isolated environment and also > i would place athens there, so all builds will be made with vetted source > code. > > It's easily possible that i miss some import point in this scenario, but > anyway i will verify your idea and take it into account for our go > development strategy. > > Am Donnerstag, 13. Dezember 2018 10:38:30 UTC+1 schrieb ohir: >> >> On Wed, 12 Dec 2018 22:15:23 -0800 (PST) >> snmed <sandro....@gmail.com> wrote: >> >> > Thank you very much for your reply. It seems to be a possible way to do >> it, >> > what do you think about the athens way? >> >> From the secop pov it'll be a hells gate. Also it does not allow for >> vetted binary arifacts as current unix/Go ways do. >> >> > what do you think about the athens way? >> >> 1) Athens is in flux. 2) It is yet another complicated piece of software >> to analyze and monitor. 3) It again brings all compiling to the local >> machine while GOPATH way allows all devs to use binary artifacts built >> on the hardened builder machine. >> >> > In my point of view it would be the easiest way as far i can preload >> the >> > athens cache with all the required packages. >> >> So the security team will need to produce an internal vetted package >> instead >> of signing a tag within the IDP 3rd party package repo. >> >> (IMO whole idea of "zipped packages" is the bad J-flu infection... Ah - >> CoC) >> >> > And then the only thing a developer has to do, is to set the GOPROXY to >> the >> > athens instance. >> >> It fits loose distributed settings. Not controlled ones. And I -- from >> "offline"/"airgap" constraint -- assumed that your client is concerned >> about >> security, not about connectivity. >> >> Hope this helps, >> >> -- >> Wojciech S. Czarnecki >> << ^oo^ >> OHIR-RIPE >> >> -- > You received this message because you are subscribed to the Google Groups > "golang-nuts" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to golang-nuts+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
