Hey all, Just breaking this out to a different thread.
On 19-07-19 16:36, Dan McGrath wrote: > My recommendation is to immediately disable and remove FTP from our server, > and find alternative and secure means for the developers to share files. I agree with Dan. FTP is a old, insecure protocol, and we don't need anonymous uploads at all. Platform maintainers can use their SSH key to gain access to the file storage. > I would also strong advise that one of the developers create a GPG key that > is stored safely ofline, which can be used to officially sign the MD5/SHA > checksum files I would recommend using a Yubikey for this, stored in a safe at the Blender Institute. Getting the right key is easy once it's poured into hardware. -- Sybren A. Stüvel https://stuvelfoto.nl/ https://stuvel.eu/ _______________________________________________ Bf-committers mailing list [email protected] https://lists.blender.org/mailman/listinfo/bf-committers
