HackerTrans
TopNewTrendsCommentsPastAskShowJobs

terrorobe

no profile record

Submissions

Removed unencrypted Git protocol and certain SSH keys

github.blog
4 points·by terrorobe·4 ปีที่แล้ว·0 comments

comments

terrorobe
·4 ปีที่แล้ว·discuss
> calling out to services should be a core competency.

What’s the typical failure rate of a method call within a process of a language of your choice?

If it’s not Java2k it will be one or two orders of magnitude lower than any cross-process, host or provider RPC call you’re ever going to make.

At smaller scales, just not having to deal with all the bugs and cleanup work missed error handling brings - and then building proper error handling for all relevant cases - can make a huge difference.
terrorobe
·5 ปีที่แล้ว·discuss
Then the brownout had its desired effect.

Using unauthenticated transports for code is borderline malicious.
terrorobe
·5 ปีที่แล้ว·discuss
The main reason to de-emphasize passwords is that they can easily get leaked and can cause long-lasting problems.

Forcing automation to use per-service authentication tokens in the form of distinct SSH keys or access tokens allows you to

* limit the scope of the token when it gets leaked * Using a password gives you full control over a GitHub account, a SSH key or token much less so * verify which credentials are still actively used * deactivate & replace tokens on a more fine-grained level if one should get leaked