On 20/07/15 12:18, Ian Jackson wrote:
> Ben Caradoc-Davies writes ("Re: debian github organization ?"):
>> I am not sure why this would be unacceptable to anyone. Authentication
>> is your ability to prove who you are. GitHub accounts provide this.
> You're talking as if what is identified is a human being.  But of
> course, it isn't.  When you do a git push (or whatever) what is pushed
> is controlled by the computer you are using.

Of course. Humans lack a network interface. Authentication is the process whereby humans use tools they control to prove their identity. The integrity of these tools, the degree of control, and the care with which these tools are used appear to be your concern.

> I would not want to use my workstation at work to push to Debian.  Nor
> would I want to have to feed all the pushes I would do during my job
> through my netbook so they can be appropriately authorised.

What is your concern? That your workstation might be misused or compromised by someone in your workplace? Key logger? Remote access snooping? And that this compromise might be used for malicious purposes against Debian?

> The github authorisation is in terms of ssh keys.  I have ssh keys
> that live on my workstation at work.  And I have ones that live on my
> own infrastructure.

GitHub recommend using SSH key passphrases, which provide a degree of protection against machine compromise:

