On 09/28/2011 02:49 PM, Eric Gwin wrote:
What
about Use-case 1a; The evil hacker who hypothetically stole
David's private key operates out of the Bahamas,
Good points.
Clearly, our number one priority as a community must be preventing
David Williams from vacationing in the Bahamas. That must never
happen.
Seriously, I'm trying to keep this simple. I'm assuming that
before confirming that the network you're using is trustworthy
you've ensured that it indeed is (ie, there isn't a microwave dish
pointed directly at you, no one placed a briefcase with a hole in
it over your keyboard, etc.).
However, I'd be interested to know your thoughts on how we'd
implement a "temporary trust"... Perhaps, when replying to the
email, you type a keyword in the email body that we parse and use?
On 09/28/2011 03:01 PM, David Carver wrote:
Eliminate
the need for Shell access entirely, otherwise this is just a
bandaid, and if somebody really wants to get into the servers,
they'll find a way to do it.
Ultimately, eliminating the need for a shell is the goal.
Since many projects use shell-based builds, we can't just assume
that torquing Hudson will solve all our problems today.
Denis
|