I have utmost confidence in the Guix project, it has lots of smart and inquisitive people to suppliment its accountable structures - a very useful bulwark against exploitative behaviour!
==================== Jonathan McHugh indieterminacy@libre.brussels October 22, 2021 12:59 AM, "Tobias Geerinckx-Rice" <m...@tobias.gr> wrote: > All, > > zimoun 写道: > >> Do you mean that trusted users would try WM-escape exploits? >>> The world has been formed by warewolves inside communities >>> purposely >>> causing harm. Looking further back, Oliver the Spy is a classic >>> examplar of trust networks being hollowed out. > > So… > >> I cannot assume that on one hand one trusted person pushes to >> the main >> Git repo in good faith and on other hand this very same trusted >> person >> behaves as a warewolves using a shared resource. > > …li'l' sleepy here, bewarned, but before this gets out of hand: I > never implied direct abuse of trust by committers. I don't > consider it the main threat[0]. > > There are the people you meet at FOSDEM and the users who log into > machines. Both can be compromised, but the latter are much easier > and more likely to be. > > Such compromise is not laughable or hypothetical: it happens > *constantly*. It's how kernel.org was utterly owned[1]. > > Trusting people not to be evil is not the same as having to trust > the opsec habits of every single one of them. Trust isn't > transitive. Personally, I don't think a rogue zimoun will > suddenly decide to abuse us. I think rogues will abuse zimoun the > very first chance they get. > > That's not a matter of degree: it's a whole different threat > model, as is injecting arbitrary binaries vs. pushing malicious > code commits. Both are bad news, but there's an order of > magnitude difference between the two. > >> For sure, one can always abuse the trust. Based on this >> principle, we >> could stop any collaborative work right now. The real question >> is the >> evaluation of the risk of such abuse by trusted people after >> long period >> of collaboration (that’s what committer usually means). > > Isn't that the kind of hands-up-in-the-air why-bother > nothing's-perfect fatalism I thought your Python quote (thanks!) > was trying to warn me about? ;-) > > Zzz, > > T G-R > > [0]: That's probably no more than an optimistic human flaw on my > part and ‘disgruntled ex-whatevers’ are probably more of a threat > that most orgs dare to admit. > > [1]: I know, ancient history, but I'm working from memory here. > I'm sure it would be trivial to find a more topical example.