From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-Status: No, score=-3.1 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com [IPv6:2607:f8b0:4864:20::32d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id B480C1F9FD for ; Sat, 27 Mar 2021 14:02:29 +0000 (UTC) Received: by mail-ot1-x32d.google.com with SMTP id 91-20020a9d08640000b0290237d9c40382so7919436oty.12 for ; Sat, 27 Mar 2021 07:02:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HVq5J2fzKl3PuZyYwA5AbSTqBkc+nQtpUHeYbofmGLs=; b=aixMW0JnV5U9agQW+CMm4HFF8pARO9kNA3A0qtjJH7EhKyFMd3lWLqMuNuFNEhjRHp LZtiWLX+4XBHfYZBwvpxlTCq/DOTZEzRtSIWeGEfpZfU/20MiKe98xvs1Q8sZj5wHAfl BeuESwUGa1zuruM7pQrnx/VR0xYvPN3Tl9ssf0Uv0yPR4uiLQZtCHdMQo8X5COEzhzea kfNgZAE8c+I3phqZ8S9QvIgKpmp16CcRihmkK7U2ao+zxLeT/3FAMgMYjVifAQvUBShT Du4D21RyDRBItMw4QP7jGDrIWRP57o0p5jVQwqmMt+zVS37DaxHkt6Acqf+8Hj5Hfw8I M51g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HVq5J2fzKl3PuZyYwA5AbSTqBkc+nQtpUHeYbofmGLs=; b=C534WiJ8Q5bRZPismJ6umNvRcYUKaw4U6WCSDo+tC4RvcAn5ZBh9ith1Ig1vtDhdYl K33QSsv1doQOIvX49xc+0/CEGJZF4eSfcZi7GC1T2dpHJl5gzvXCaHaeqZAtUqrHZltB aVEEuu+LQ1IeYzhvB7bsvYThmNSGoFUglgjWPSTvOg9jukobptl57eowVJtcyqcO4NHF /ULlw0cvxiOZ4U1ZIqGOCc4fGS5Puqu3uzWmKWiItqfr3QTA2syEK+XNFZFWolvajKT9 cBiF97L4/KM01a9yUTPUD4bJ96aAizNmRd9FqhSAxmjrotn5Z1yLvo8oh0OtdeE6CUAs 8SYQ== X-Gm-Message-State: AOAM5325sqsQZ0nBHgzarcGPzEUPDyKGrBOOCcVue6JIdluBzW0HzPpd YzLwtQ3UVNKC/WlTiIgDMDAZDZJ9MyZEsQHY4Xg4V4JKct9XQYxPT/g= X-Google-Smtp-Source: ABdhPJyBcvx3x/koGxH4mEML2+fATdJCgTa1quAGmNls8T6uDSi13UdsmnjLZ4OfZ91sF1u/JuRIJzpDYg5XUYN4ElQ= X-Received: by 2002:a9d:740c:: with SMTP id n12mr15859517otk.21.1616853748584; Sat, 27 Mar 2021 07:02:28 -0700 (PDT) MIME-Version: 1.0 References: <20210326213517.GA5730@dcvr> <20210327083946.30726-1-133706+stdedos@users.noreply.github.com> <20210327095431.GA32057@dcvr> In-Reply-To: <20210327095431.GA32057@dcvr> From: =?UTF-8?B?zqPPhM6xz43Pgc6/z4Igzp3PhM6tzr3PhM6/z4I=?= Date: Sat, 27 Mar 2021 16:01:50 +0200 Message-ID: Subject: Re: [PATCH v1] git-send-email-reply: Append subject To: meta@public-inbox.org Cc: Eric Wong Content-Type: text/plain; charset="UTF-8" List-Id: With regards, Ntentos Stavros On Sat, 27 Mar 2021 at 11:54, Eric Wong wrote: > > I thought you said you deployed it :/ > > Oops :x I finished the deploy, now :> Yeah, I saw it a bit later :-p :-D > > Would it make sense for you to "symlink" /meta/ to /public-inbox/? > > (as it is for git.git --> /git/) > > Not really, since the address is meta@public-inbox.org. > "public-inbox" is already a long name, and > "public-inbox.org/public-inbox" is kinda annoyingly long. > > (and I've been preferring <80x24.org|yhbt.net>/public-inbox.git > for the git repo). Remember that a symlink (or a 30x redirect) does not cost you anything :-p It _is_ longer, and it doesn't cost you anything, for the sake of "finding where is something where you look for it to be" ;-) > It's been a few years since I checked, but I seem to recall > there being an option in the web UI of Gmail. It does, and it is a bit hidden, and a bit global-ish: If you send e-mails at night ... > Everything I've read about Docker sounds scary when people are > grabbing binaries and code from random distributors and just > running it blindly. IMHO it encourages dangerous behavior. Pulling solely from "sane-ish sources" (buster from Debian and your code from your repo), should it be okay. The risks (as stated above) should ... > Having duplicates of things like libc or even Perl is total > overkill here and not remotely lightweight in my book. > > I don't expect anybody to trust me enough to run public-inbox > without reading it (which is why there'll never be JavaScript). > > We only distribute source so people can always read what they're > running. We even use a language that makes binary distribution > (nearly) impossible. ... be outweighed by benefits (clean add and remove, single-ish up-and-running command). Of course, you are right of claiming that anywhere, anything can be inserted - and the more you pull, the more things you expose yourself to. https://www.bleepingcomputer.com/news/security/researcher-hacks-over-35-tech-firms-in-novel-supply-chain-attack/ > I would never introduce any soft or hard dependency into a > project without being knowledgeable and comfortable about it, > first; and that can take a LOT of time and lead me down rabbit > holes... Yeah, me too :-D Having a more clean deploy&isolation&remove process would facilitate in me testing more and providing a cleaner patchset to you. You might have fixed my patchset yourself (thanks!) but not everyone is willing to spend time on it. On the other hand, I am not willing to "pollute" my system with something tying itself more or less to my system. (It's not the pollution that I am afraid of, but the sanitization afterwards). I've barely used chroots, and I am not comfortable using them (because they require sudo). Not to say that I am "that comfortable" using docker either! However, they have created a group which, if I add myself on it, it (hopefully) uses only the minimal set of required privileges to do, whatever it is that it does, without requiring me to type "sudo" (which, I keep telling to myself that it is "something dangerous" overall). If you have some tl;dr knowledge on how to make (s)chroots to work cleanly without any sudo (after I review a specific subset of rights & get myself access to e.g. `/var/chroots/*` directory), I am all ears! A lot of compiled deb packages use that one way or another, and (mistakenly?) I feel more comfortable installing via `apt-get install package.deb` than `make install`.