[Cryptech Tech] Some problems with the repo access
Rob Austein
sra at hactrn.net
Tue Feb 11 01:03:27 UTC 2014
At Mon, 10 Feb 2014 22:58:49 +0100, Linus Nordberg wrote:
>
> | Are we talking about read-only or read-write? Read-write git over
>
> Read-only.
OK.
>
> | we can add read-only git over plain HTTP at the same time
>
> I'd prefer we didn't give people the opportunity to shoot themselves
> like that but I think that I'd have to convince y'all to go for a cert
> rooted in a known CA before I start that fight.
There are a lot of assumptions buried in that analysis.
I agree that this is not the time to have that argument.
> (We _could_ publish our public key, PGP-signed, on the site. For those
> who don't trust CA:s. Manual pinning.)
We already do. Well, OK, there's an extra level of indirection, but a
user who can figure out how to run "gpg --verify" can also figure out
how to run "openssl verify".
> | > Can't see it in http://cryptech.is/browser though.
> |
> | That would be the post-repository-create trigger script bug that was
> | blowing up in Joachim's face. Did you get that one too?
>
> Didn't see any errors or warnings at all, I'm afraid.
>
>
> | I haven't done anything about this yet (just got back from holiday
> | late Saturday, still catching up), but I do wonder whether this is
> | somehow related to the other thing Joachim was reporting where his SSH
> | client was trying to use a pseudo-tty.
>
> Didn't see that either, actually.
Thanks, these were useful data points.
More information about the Tech
mailing list