Quoting Luca Boccassi (2024-06-12 15:27:36) > On Wed, 12 Jun 2024 at 14:15, Jonas Smedegaard <jo...@jones.dk> wrote: > > You apparently find it equally sensible, specifically as a security > > measure, a) apply ACLs on an otherwise massively multi-user-write-access > > host and b) use a separate far-less-featured host. > > > > You claim that both setups have equal vulnerabilities. > > No, I claim they have different sets of vulnerabilities, disadvantages > and advantages, and that both can provide the required feature: > disallow force pushes/deleting tags. The hardest thing with security > is that it requires a constant, ongoing effort, that will never end, > and will only get harder. A widely used software like Gitlab is better > for this, as is a widely used kernel like Linux. Or are you suggesting > such a server should run on Hurd, given it's far-less-featured and > thus has a much smaller attack surface than Linux?
No, I am not suggesting the use of the Hurd here, and I am having a hard time assuming good faith with the potential undertones of that question. To answer your convoluted question, I am suggesting that Salsa and tag2upload has very different needs (multi-user write versus multi-user append-only, drastically simplified), and consequently to not argue that reuse of Salsa for hosting tag2upload is a security benefit. > > I disagree. I think you are mistaken - and no, it is totally > > irrelevant for this accusation whether or not I am a fan of Salsa, > > and whether or not I represent a loud or silent minority or majority. > > This is not about me. > > And I think it is very much relevant, given the obvious end goal of > some individuals is to kill Salsa, which this proposal - as it stands > - would facilitate. Ok, since you insist that it is relevant: Please provide proof to support your claims that a) some "silent minority" exists in Debian aiming to "kill Salsa", and b) I belong to said group, and c) it is "very much relevant" here that I belong to that group. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ * Sponsorship: https://ko-fi.com/drjones [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature