Re: SolarWinds

From: jai...@usually.sessile.org (Jaimie Vandenbergh)
Newsgroups: uk.comp.sys.mac
Subject: Re: SolarWinds
Date: 27 Apr 2021 00:19:56 GMT
Message-ID: <iep3lcFu8k0U1@mid.individual.net>
References: <ie00rdF3qodU1@mid.individual.net> <s5m182$gi3$1@dont-email.me> <ienqvpFmmlgU1@mid.individual.net> <ieoa2nFpj4dU1@mid.individual.net>

On 26 Apr 2021 at 18:03:19 BST, "TimS" <timstreater@greenbee.net>
wrote:

> On 26 Apr 2021 at 13:45:45 BST, Jaimie Vandenbergh
> <jaimie@usually.sessile.org> wrote:
>
>> On 20 Apr 2021 at 08:52:40 BST, "Chris Ridd" <chrisridd@mac.com> wrote:
>>
>>> On 18/04/2021 18:31, TimS wrote:
>>>> On 18 Apr 2021 at 15:32:03 BST, Chris Ridd <chrisridd@mac.com> wrote:
>>>>> And you will want to do these builds very often - multiple times while a
>>>>> single change is being reviewed and then committed. Sneakernet is not an
>>>>> option.
>>>>
>>>> You'd do all the reviewing on systems connected to the private off-Internet
>>>> lan. I'm sure a secure way can be found.
>>>
>>> Well that way you can't update your insecure dependencies in a review
>>> because you've added this extra hurdle. So swings and roundabouts.
>>
>> Last time I helped architect such a system, we had an internal server
>> (Artifactory) providing repositories of all the code and data we needed
>> to build and test our software. That did two things - made sure we could
>> always repeat an older build as we'd keep all the older dependencies,
>> and made sure that our actual build servers (Jenkins and the like) could
>> be on a private network with no internet access.
>>
>> There was a secure non-transitive route to the repo server for us ops to
>> add needed new things to it, after the obligatory infosec
>> automated+manual checks on incoming code and binaries.
>>
>> Worked pretty well, but made updating the infrastructure itself bloody
>> annoying on occasion, and a few software packages that "need" to phone
>> home for licensing etc had to be canned or their support shouted at long
>> enough to provide us with versions that don't do that.
>
> I'm surprised that this isn't the standard, routine way of doing things.

It's best practice, certainly. Lots of shops don't bother because it's
harder to set up than just putting everything on the corp network.

Cheers - Jaimie
--
"We don't stop playing because we grow old; we
grow old because we stop playing"
-- George Bernard Shaw
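
The setup described in the quoted post only holds if every dependency really resolves to the internal repository server. A check for that, as an added example that is not part of the original thread: it audits an npm lockfile for entries that point outside the internal host or carry no integrity hash. The hostname, repository path and sample lockfile are constructed assumptions.

```python
import json
from urllib.parse import urlsplit

# Assumption: hostname of the internal repository server (hypothetical name).
INTERNAL_HOSTS = {"artifactory.build.example.internal"}
INTERNAL = "https://artifactory.build.example.internal/api/npm/npm-remote"

# Constructed sample: "packages" section of an npm package-lock.json (v3).
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/left-pad": {
        "resolved": INTERNAL + "/left-pad/-/left-pad-1.3.0.tgz",
        "integrity": "sha512-CONSTRUCTED-PLACEHOLDER"},
    "node_modules/some-lib": {
        "resolved": "https://registry.npmjs.org/some-lib/-/some-lib-2.0.1.tgz",
        "integrity": "sha512-CONSTRUCTED-PLACEHOLDER"},
    "node_modules/git-dep": {
        "resolved": "git+ssh://git@github.com/example/git-dep.git#0123abc"},
}})


def audit_lockfile(lock_text, internal_hosts=INTERNAL_HOSTS):
    """List (package, reason) pairs for entries an offline build server
    could not fetch from the internal repository or could not verify."""
    findings = []
    packages = json.loads(lock_text).get("packages", {})
    for path, meta in sorted(packages.items()):
        resolved = meta.get("resolved")
        if path == "" or resolved is None:
            continue  # root project entry, or a bundled dependency
        host = urlsplit(resolved).hostname
        if host not in internal_hosts:
            findings.append((path, f"external host {host}"))
        if "integrity" not in meta:
            findings.append((path, "no integrity hash"))
    return findings


if __name__ == "__main__":
    for package, reason in audit_lockfile(SAMPLE_LOCK):
        print(f"{package}: {reason}")
```

Run as a pre-merge step, a non-empty result means the change would either fail on the isolated build network or pull something that never went through the incoming checks.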

