#curl is secured for the billions - the steps we take. There is no silver bullet. No magic solution. Just plain engineering, doing everything as well as we can, and continuing to tighten every bolt there is.
(slide for upcoming presentation)
@bagder I've never heard of "CI jobs never 'write back'". I've had a quick Google, including in the curl context, but I can't see anything, so I'm left wanting! Will you be putting the presentation out in public? (Or is there any curl contributor documentation for this specific thing?)
@poddster the point being that a compromised cloud service cannot taint our code; they are all run read-only. Also, we don't need or use credentials or secrets in CI jobs.
This is for my upcoming "three decades of curl" talk at NDC Security. I *think* it will be recorded and made available later.
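As an added illustration of what a "read-only, no secrets" CI job can look like in practice (this is example configuration written for this page, not curl's own workflow; it assumes GitHub Actions, which the thread does not name, and the build commands are placeholders):

```yaml
name: build-and-test

# Trigger on pull_request, not pull_request_target: the job runs with the
# permissions of the fork's PR, never with the base repository's write access.
on:
  pull_request:
  push:
    branches: [master]

# The job's GITHUB_TOKEN is reduced to read-only. A compromised runner, action
# or dependency can read public sources but cannot push commits, tags,
# releases, or workflow changes back into the repository.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the token in .git/config for later steps to reuse.
          persist-credentials: false

      # Placeholder build and test commands (hypothetical, not the project's).
      # Note there is no `secrets.*` reference anywhere in the job: nothing
      # here needs a credential, so there is nothing for an attacker to exfiltrate.
      - run: ./configure && make && make test
```

The two properties the reply describes map to two lines: `permissions: contents: read` is what makes the job unable to "write back", and the absence of any `secrets:` or `${{ secrets.* }}` usage is what makes a hijacked job worthless for credential theft. A quick check that a repository keeps to this is to grep its workflow files for `write`, `pull_request_target` and `secrets.` and review every hit.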