From: "Chad Parker (parker DOT charles AT gmail DOT com) [via geda-user AT delorie DOT com]" <geda-user AT delorie DOT com>
Date: Fri, 13 Aug 2021 10:59:29 -0400
Message-ID: <CAJZxidBFpXjWSjWRdo71W7hM--naM9ohBo+-p_EY+rpddcWUMA@mail.gmail.com>
Subject: Re: [geda-user] geda and pcb git repos inaccessible ?
To: geda-user AT delorie DOT com
Reply-To: geda-user AT delorie DOT com

If you're concerned about maintaining the integrity of the source code as you download it, git makes it easy to compute and compare the hashes of your source tree with that of the server's.

If you're concerned about people adding malicious code into the repository, then know that a limited number of people have permissions to merge code into the master branch, and all such code is reviewed by those developers.

If you don't trust the developers... well, there's nothing I can really do about that, other than to say that none of us are interested in gaining root access to any of your computing devices or networks. You can believe me or not. That's up to you.

Does this mean that there are zero security flaws? No. I don't think any of us are computer security professionals. We're mostly just engineers that enjoy coding. So, we do our best. If you find some issues, we'd welcome you pointing them out, or even better, providing a patch that fixes them.

--Chad

On Thu, Aug 12, 2021 at 11:54 PM Branko Badrljica (brankob AT s5tehnika DOT net) [via geda-user AT delorie DOT com] <geda-user AT delorie DOT com> wrote:

> On Thu, 12 Aug 2021 21:58:57 -0400
> DJ Delorie <dj AT delorie DOT com> wrote:
>
> > You are an overly paranoid individual...
>
> Couple more things:
>
> 1. One of the methods of breaching the machines are timing attacks
> and usual exploits over networks. They breach your server through a
> service and get to own it.
>
> 2. Servers as yours have high "multiplicative effects". Your server can
> further the attack on any client that connects to git repo and thus
> infect their machines through similar or very same attack vector.
>
> 3. World is full of intertwined human swarm, engaged in a war. This
> kind of stance exposes you and might make you seem as a participant and
> thus a target. Norm for the git is https transfers everywhere outside
> controlled internal LAN.
> You are sticking out of the norm. If anyone
> gets suspicious, you could be on shortlist of hostile "suspects".
> Swarms aren't known for lengthy legal processes, evidence collecting,
> "innocent until proven guilty" etc. etc.
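
The hash comparison mentioned in the reply above, as an added example (not part of the original message and not the gEDA project's own tooling): it re-hashes the local object store, compares the checked-out commit ID with the one the server advertises, and flags tracked files edited after checkout. The function name verify_checkout and its arguments are hypothetical; because the advertised ID is only as trustworthy as the channel it arrives over, the optional fourth argument pins an ID obtained separately from the download.

```shell
#!/bin/sh
# Added example: check a clone against the server's advertised ref.
# verify_checkout and its arguments are hypothetical names, not a git command.
# usage: verify_checkout REPO_DIR REMOTE FULL_REF [TRUSTED_COMMIT_ID]
verify_checkout() {
    repo=$1; remote=$2; ref=$3; trusted=${4:-}

    # Re-hash every object in the local store; a corrupted or altered
    # object no longer matches its ID and fsck exits non-zero.
    if ! git -C "$repo" fsck --strict >/dev/null 2>&1; then
        echo "FAIL: object store does not pass fsck"; return 2
    fi

    # Commit the working tree is on, and the commit the server advertises.
    local_id=$(git -C "$repo" rev-parse --verify HEAD) || return 2
    remote_id=$(git -C "$repo" ls-remote "$remote" "$ref" | cut -f1 | head -n 1)
    if [ -z "$remote_id" ]; then
        echo "FAIL: $remote does not advertise $ref"; return 2
    fi
    if [ "$local_id" != "$remote_id" ]; then
        echo "FAIL: local $local_id, server $remote_id"; return 1
    fi

    # The commit ID covers committed content only; tracked files edited
    # on disk after checkout show up here.
    if ! git -C "$repo" diff --quiet HEAD; then
        echo "FAIL: tracked files differ from $local_id"; return 1
    fi

    # Optional pin: an ID obtained separately from the download itself.
    if [ -n "$trusted" ] && [ "$local_id" != "$trusted" ]; then
        echo "FAIL: expected $trusted, got $local_id"; return 1
    fi
    echo "OK: $local_id"
}

# Run as a script: sh verify.sh REPO_DIR REMOTE FULL_REF [TRUSTED_COMMIT_ID]
if [ "$#" -ge 3 ]; then verify_checkout "$@"; fi
```

Pass the full ref name (for example refs/heads/master) so that ls-remote matches a single ref.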