Re: Arch Linux public upload server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 9/4/24 1:04 AM, Polarian wrote:

Hello,



Hello,


I would like to suggest a few points which have not been discussed.

As it has been mentioned, in almost every response in this thread, I
will exclude the security implications and the abuse implications.

#1 There is a ton of pastebins out there, and many people have a
preference. Find 100 people, ask them all to pastebin some file, almost
everyone is going to use a different pastebin service.

I am sure some people will like to use an official pastebin, some people
will have a preference for something else, which means you will still
get a range of different pastebins on IRC. So, say you enforce it,
state you will not get support if you use another pastebin, then surely
this is the same vendor lock-in that I am sure many of us disagree
with?

Unlike... say Gitlab, which you can justify spending the time and money
hosting because it is a requirement no service will fill. In contrast,
there are hundreds of pastebins which fit Arch Linux's requirement thus
can you justify the expense?
I don't think it was ever mentioned that such a paste service offered by Arch Linux would become *the official one* and that its usage would be enforced in any way when requesting support or something (in opposition to other similar services). 
I'm not sure where that comes from?


#2 I saw a mention that an Arch Linux pastebin would be trustworthy.
Firstly, you should never pastebin sensitive data, therefore the
payload is not a concern. The most a pastebin service can do is log
your IP, which can easily be negated with a VPN or tor.

So is a pastebin/upload server from Arch any more trustworthy?
The exact sentence was (copy pasted from the author's email [1]) : "I 100% support having our own paste service that's *on a trustworthy 
domain like archlinux.org*".
The domain (archlinux.org) is described as trustworthy, not the service itself. This is an important nuance in that context (e.g who host/manage the service and the data it collects). 


#3 Potential bias.

As a disclaimer I intend no offence, but I do think it is a good point
which should be brought up.

Orhun, who is an Arch Linux staff member [1], is the user which has
raised the suggestion of an official pastebin for Arch Linux. However
they also suggested the exact software to use, rustypaste.

Orhun is the developer of rustypaste.

Take our corporate buddies as an example on this point. If a
shareholder has a conflict of interest, they excuse themself from the
decision on the solution which is adopted.

Say we apply this to Arch Linux, each staff member has equal say. Orhun
raised a suggestion/concern, however they also have a conflict of
interest because they are pushing for the adoption of their software.
Surely to make it fair they should excuse their opinion on what
software is used, and simply keep their suggestion.

Therefore you can split it into two parts:

1. Should Arch Linux host a public pastebin/upload server?
2. If (1) is accepted, then should it be rustypaste?

Calling a vote for (1) or (2) would be excessive. However for (2) you
could do a implicit agree, and ask whether anyone has any other
pastebin/upload software which they believe would be a better fit
for the job. However there has been no such question, it has been "lets
just use my solution".

(Note: I have never used rustypaste, I am completely neutral, and in no
way saying rustypaste IS NOT the best solution, I am simply pointing
out no other suggestions have been made)

So to spur such a discussion, why should it be rustypaste?
What makes it better than the competition?



I think you're taking Orhun's mail/proposition the wrong way.
First of all, Arch Linux and rustypaste are not corporate so there's no "corporate buddies"/shareholders in that context. I personally have not been bothered by any potential "conflict of interest" in their suggestion.
Secondly, Orhun's demand is not "Should Arch Linux host a public pastebin/upload server (and, if so, could it be rustypaste)?" but "rustypaste is looking for a public instance [2], could Arch Linux host it?"
Here again, I feel like this an important nuance to understand why the discussion is specifically about rustypaste (and not about any other similar services).
[1] https://lists.archlinux.org/archives/list/arch-general@xxxxxxxxxxxxxxxxxxx/message/KVDTLL3Z6YQQPPYRDLI5KYOGV5HUQU54/ 
[2] https://github.com/orhun/rustypaste/issues/326


Take care

--
Regards,
Robin Candau / Antiz

Attachment: OpenPGP_0xFDC3040B92ACA748.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux