
Re: xz backdoor



On Sat, Mar 30, 2024 at 11:22:33PM -0300, Santiago Ruano Rincón wrote:
> > I agree that dogfooding is important for discovering quality issues, but
> > I think it's a poor argument for discovering security issues, especially
> > if it concerns a host which is used for building and signing packages.
> > 
> > As I mentioned earlier, I think containers are one good way to have
> > almost the best of both worlds. One can do anything one could do on
> > host, all while being isolated from that host, and with very little
> > overhead but also a ton of useful extra features.
> 
> I don't see the real benefit.
> 
> As others have said, the best solution is to rely on HSW for handling
> the cryptographic material.

Aren't these answers to different questions?
Not all attacks are about stealing the key or using it to sign unintended
things.


-- 
WBR, wRAR
