> On 31.08.2017 at 09:30, Peter Uhnák <i.uh...@gmail.com> wrote:
> 
> 
> On Thu, Aug 31, 2017 at 8:45 AM, Norbert Hartl <norb...@hartl.name> wrote:
> 
> 
> > On 31.08.2017 at 03:32, Sean P. DeNigris <s...@clipperadams.com> wrote:
> >
> > https://github.com/pharo-vcs/iceberg/blob/master/README.md suggests to
> > configure Iceberg with the "Use Custom SSH Keys" setting, part of which
> > seems to include pasting one's SSH Key Passphrase into Pharo's settings. Is
> > that a good idea (i.e. is that safe)?
> >
> >
> Not at all!
> 
> Just about as safe as storing credentials for SmalltalkHub. (and to be fair, 
> STHub is even worse in that the connection is not encrypted. Imagine someone 
> observing traffic on PharoDays/ESUG conf.)
> 
I didn't say anything different. But having one bad solution does not make another bad 
solution better. Both are no-gos!

> If you are not giving your work image to anyone else, I don't see what 
> difference it would make. And if you are worrying about malicious code 
> extracting it from your settings... I would be more worried about full access 
> to your system…

So you do not put passphrases on your ssh keys? Because you don't give the 
private key away, why protect it? So imagine you have a development process that 
includes a Jenkins that needs to build the source and therefore needs access to 
the repository. What do you do?

And it is not only for access to git repos and such. If we want to develop 
decent systems we need a way to store credentials safely and external to the 
image.

Norbert



