'Re: [qubes-devel] Re: GitLab'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    Re: [qubes-devel] Re: GitLab
From:       Andrew David Wong <adw () qubes-os ! org>
Date:       2017-05-13 19:40:10
Message-ID: c753412b-da8a-796f-9698-3e0562016e2a () qubes-os ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2017-05-13 12:31, Hack wrote:
> On 05/09/2017 09:13 PM, Ivan Mitev wrote:
> > 
> > 
> > On 05/09/2017 09:46 PM, Hack wrote:
> > > Hi,
> > > 
> > > Why do you use GitHub instead of GitLab?
> > 
> > Most likely because the devs historically chose github and it works well
> > for the project's needs ?
> > 
> Useless answer, as it does not give any explanation (see below ↓)…
> 
> GitLab works well, there is even a Qubes OS repository added, 2 years
> ago, by Wojtek Porczyk, but it is not used. Why?
> 
> > If your question is instead related to the trust/security/... (or lack
> > thereof) of github vs. gitlab, github isn't a trusted infrastructure [1]
> > so it's not a concern.
> > 
> > Hope this helps,
> > 
> > ivan
> > 
> > 
> > [1]
> > https://www.qubes-os.org/doc/user-faq/#what-does-it-mean-to-distrust-the-infrastructure
> >  
> > 
> > 
> 
> From your link:
> "We believe that many attempts to make the infrastructure appear
> trustworthy actually provide only the illusion of security and are
> ultimately a disservice to real users."
> 
> With all due respect, I find this "philosophy" so stupid…
> 
> From what I have studied, open source software are more secure than
> closed source software. And there is plenty of studies on internet that
> say the same thing… So GitLab is better…
> 
> Now if we take a concrete example:
> I have a wife, children, and I have the choice to live in a quite
> suburb in Glendale, or to live in the worst place in Detroit.
> 
> I know that I can be in danger in Glendale, but statistically, I know
> that Glendale should be better for my family.
> 
> So what? Should I go to Detroit because I can be potentially in danger
> too in Glendale? And because I would be less prudent at Glendale, I have
> to go to Detroit to protect my family and myself, in a better way? Well,
> as I am not dumb, I will choose Glendale rather than Detroit…
> 
> The same thing apply with software: Gnu/Linux is a better choice than
> Windows.
> 
> So I use Gnu/Linux, rather than Windows (and GitLab rather than GitHub)…
> But if I follow your line of reasoning, I should choose Windows? Because
> it will "disservice to real users", as I will feel being in more secure
> area… It makes no sense…
> 

No, that doesn't follow. This is about the infrastructure, not the
endpoints.

> More security is better… not less…
> 

We agree, but we disagree about what constitutes "more security." We
believe that what many people regard as "more security" is actually the
illusion of security, and we believe that having more of the illusion of
security is worse than having less of it.

> And finally, it is sad to use GitHub, because:
> 1. even if you cannot trust any infrastructure, yet, you can prefer
> a better one…
> 2. you prone paranoia, but do wired choices (including your GitHub
> choice)…
> 3. your "choice", to use GitHub, does not help open source…
> 4. your "philosophy" sucks, because it is hypocritical (open source
> is better, and more secure, but only when it comes from us, but wait, do
> not trust us too much… and trust GitHub (closed source), but not too
> much…; blah blah blah…);
> 5. it is egotistical to use GitHub instead of GitLab, "no
> solidarity", free for all…
> 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJZF2EEAAoJENtN07w5UDAwvB0QAMFZgz67cNJYm3JfcsQEKWJN
x1R5DhuS0BTfwDsW7BLWS0OhRdXO28MIgFRa+9MCiVLnvbCxySM37Gymq8q8q7H6
V0nO4kwvs2q6swcESIurb+shzVw18ApM5ZVNRKX9Xi3rD2Na6Bjr33oocboxrehw
6Ib8Zk+6c6XhPlCeotKxguq1W7ZvCIz+/N1fpTvmPJrpccGLHqX8nQTPxN3I1gc6
rliCD7kHnM7ePfjMDFsCuxR7Uq3diq3NiKQhxb93Njqvq0efwFpuymHCEgeyf63Q
1GEun0qz9B3A9XSmaFjP+swcQ9M+c3INXenfcOpJ+Fh+ua+MWAf7V3tgcv1c27Qa
Fg7GPLJlgwdbWyBUkeKO0YlZtYdciAw+xLTA+KKDZfP5zrmNzSPssJ0pNh7ZuPzU
8x/lgVszB060MnBvlyH5fyrtikp5fZ/ukWnRbzkCT0+EORoLM824WIRjntPMD5Tx
7V88zHRGbQyxEh9XA+i7RUBFpm/7eg3Y6W47l9B7EfC/8/p6IWr3QFCwG1hictCh
samEv29IUIqUkisKpPK8If4aTK840R3Z1OGQcqZmst4H84kEmrq5yvCYlhDq44Xh
0L035BSqx8lTPvvW2VylGe/8U7Fbbe51ofln9ScXoBpXlHsP5pmcaz4P4ucidlER
H+xrnlzlscKa6prWmpf9
=/+Th
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/c753412b-da8a-796f-9698-3e0562016e2a%40qubes-os.org.
 For more options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic