24
williamli
21d

me: the source code is currently store on GitHub and we use GitHub Actions after each updates to compile your code into binary before deploying to your servers
client: storing source code on GitHub (external server) is insecure and breaks compliance
me: so i guess you will need to have a copy of the source code on all your servers and build them directly there (too cheap to have a separate build server) instead of using GitHub Actions
client: yeah
me: keep in mind that all your certificates and tokens are going to be store as plain text in all your servers so if a hacker gain access to anyone of your servers, they will have access to everything.
client: yeah, this is in compliance to our security policy

Comments
  • 4
    Everyone think that they are better than others.
  • 8
    Me: Keep in mind that your security policy is fucking shit then.
  • 1
    Is the github thing because they can’t store the code in a foreign country? I have seen some of this with gov contracts.
  • 0
    I hate having copies of source code everywhere ffs
Add Comment