Re: debian github organization ?
On 20/07/15 12:18, Ian Jackson wrote:
Ben Caradoc-Davies writes ("Re: debian github organization ?"):
I am not sure why this would be unacceptable to anyone. Authentication
is your ability to prove who you are. GitHub accounts provide this.
You're talking as if what is identified is a human being. But of
course, it isn't. When you do a git push (or whatever) what is pushed
is controlled by the computer you are using.
Of course. Humans lack a network interface. Authentication is the
process whereby humans use tools they control to prove their identity.
The integrity of these tools, the degree of control, and the care with
which these tools are used appears to be your concern.
I would not want to use my workstation at work to push to Debian. Nor
would I want to have to feed all the pushes I would do during my job
through my netbook so they can be appropriately authorised.
What is your concern? That your workstation might be misused or
compromised by someone in your workplace? Key logger? Remote access
snooping? And that this compromise might be used for malicious purposes
The github authorisation is in terms of ssh keys. I have ssh keys
that live on my workstation at work. And I have ones that live on my
GitHub recommend using SSH key passphrases, which provide a degree of
protection against machine compromise:
Ben Caradoc-Davies <email@example.com>
Transient Software Limited <http://transient.nz/>