>> Though it can help attribute that to a source, Meaning to source 'account', vs say weak old CVSROOT that any could text edit on 200 account box, claim bitrot, etc. Whether inspiration came from the pet dog's bug report is moot, more secure systems narrow into accounts that would then be examined for sensibility post. Even better before then, said fun audit teams raise the cost to compromising all N randomly changing slots on it, much harder to game than a single endpoint. Audit counters by a bit different path than the IT-people problems, does insert time in the process, yet can also payoff by quality, and by rotating participants gaining broader experience with entire codebase, and can even payout from said 10x crypto pot for bugs. Defense in depth, many knobs in the orchestra, turn to set how you want, yet consider before leaving any set too near zero. Good that git monotone hashtrees keys TLS sigs pubkey fingerprints pins TOTP automated lint coverage fuzzing zfs-skein, etc displacing equivalents of legacy telnet CVSROOT, in some OS and projects finally, and that development, being users too, have interest benefit in, and can contribute to that areas and transitions too. Happy hacking in 2021 :)Received on Sat Jan 02 2021 - 21:12:55 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:26 UTC