'Re: [qubes-devel] Re: GitLab'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    Re: [qubes-devel] Re: GitLab
From:       Andrew David Wong <adw () qubes-os ! org>
Date:       2017-05-13 20:12:07
Message-ID: 0d94fbe5-a944-c6a1-2344-9594ce0361cd () qubes-os ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2017-05-13 15:00, Hack wrote:
> On 05/13/2017 09:40 PM, Andrew David Wong wrote:
> On 2017-05-13 12:31, Hack wrote:
> > > > On 05/09/2017 09:13 PM, Ivan Mitev wrote:
> > > > > 
> > > > > 
> > > > > On 05/09/2017 09:46 PM, Hack wrote:
> > > > > > Hi,
> > > > > > 
> > > > > > Why do you use GitHub instead of GitLab?
> > > > > 
> > > > > Most likely because the devs historically chose github and it works
> > > > > well
> > > > > for the project's needs ?
> > > > > 
> > > > Useless answer, as it does not give any explanation (see below ↓)…
> > > > 
> > > > GitLab works well, there is even a Qubes OS repository added, 2 years
> > > > ago, by Wojtek Porczyk, but it is not used. Why?
> > > > 
> > > > > If your question is instead related to the trust/security/... (or lack
> > > > > thereof) of github vs. gitlab, github isn't a trusted infrastructure
> > > > > [1]
> > > > > so it's not a concern.
> > > > > 
> > > > > Hope this helps,
> > > > > 
> > > > > ivan
> > > > > 
> > > > > 
> > > > > [1]
> > > > > https://www.qubes-os.org/doc/user-faq/#what-does-it-mean-to-distrust-the-infrastructure
> > > > >  
> > > > > 
> > > > > 
> > > > > 
> > > > 
> > > > From your link:
> > > > "We believe that many attempts to make the infrastructure appear
> > > > trustworthy actually provide only the illusion of security and are
> > > > ultimately a disservice to real users."
> > > > 
> > > > With all due respect, I find this "philosophy" so stupid…
> > > > 
> > > > From what I have studied, open source software are more secure than
> > > > closed source software. And there is plenty of studies on internet that
> > > > say the same thing… So GitLab is better…
> > > > 
> > > > Now if we take a concrete example:
> > > > I have a wife, children, and I have the choice to live in a quite
> > > > suburb in Glendale, or to live in the worst place in Detroit.
> > > > 
> > > > I know that I can be in danger in Glendale, but statistically, I know
> > > > that Glendale should be better for my family.
> > > > 
> > > > So what? Should I go to Detroit because I can be potentially in danger
> > > > too in Glendale? And because I would be less prudent at Glendale, I have
> > > > to go to Detroit to protect my family and myself, in a better way? Well,
> > > > as I am not dumb, I will choose Glendale rather than Detroit…
> > > > 
> > > > The same thing apply with software: Gnu/Linux is a better choice than
> > > > Windows.
> > > > 
> > > > So I use Gnu/Linux, rather than Windows (and GitLab rather than GitHub)…
> > > > But if I follow your line of reasoning, I should choose Windows? Because
> > > > it will "disservice to real users", as I will feel being in more secure
> > > > area… It makes no sense…
> > > > 
> 
> No, that doesn't follow. This is about the infrastructure, not the
> endpoints.
> 
> 
> > But why that doesn't follow? It is very subjective… Nothing prevents it,
> > mostly when the infrastructure hosts the endpoints…
> 
> > Sorry, but I do not understand your logic.
> 

You wrote: "So I use Gnu/Linux, rather than Windows (and GitLab rather
than GitHub)… But if I follow your line of reasoning, I should choose
Windows?"

For a personal computer user, the question of whether to use Gnu/Linux
or Windows is a question about which OS to install on an endpoint. We
distinguish between endpoints and the infrastructure. While we distrust
the infrastructure, we do not distrust endpoints. On the contrary, we
believe that endpoints should be trustworthy, which is why we've created
Qubes OS.

It does not follow from our distrust of the infrastructure that we think
you should choose Windows, since that choice is a choice about your
endpoint, which we think should be trustworthy.

> > > > More security is better… not less…
> > > > 
> 
> We agree, but we disagree about what constitutes "more security." We
> believe that what many people regard as "more security" is actually the
> illusion of security, and we believe that having more of the illusion of
> security is worse than having less of it.
> 
> 
> > It is a dialogue of the deaf…
> 
> > > > And finally, it is sad to use GitHub, because:
> > > > 1. even if you cannot trust any infrastructure, yet, you can prefer
> > > > a better one…
> > > > 2. you prone paranoia, but do wired choices (including your GitHub
> > > > choice)…
> > > > 3. your "choice", to use GitHub, does not help open source…
> > > > 4. your "philosophy" sucks, because it is hypocritical (open source
> > > > is better, and more secure, but only when it comes from us, but wait, do
> > > > not trust us too much… and trust GitHub (closed source), but not too
> > > > much…; blah blah blah…);
> > > > 5. it is egotistical to use GitHub instead of GitLab, "no
> > > > solidarity", free for all…
> > > > 
> 
> > 
> 
> I think it is a useless talk, and I do not want to troll.
> 
> Anyway, thank you for your attention.
> 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJZF2iRAAoJENtN07w5UDAwvS4P/2B5IVUjFmT58D13qAabL0CD
PTltxppDEtlXbPgtUi/q0a6kuzfnd1/UDhnLM2NUe+wr2pu/Q+YFjmJFBwIoSD7f
4kAbntWXRNqRQ5DlXfPaqKyzO4+rY1aCqrKldsOETrQOpKOUl3+sCU/1YeV3ju48
NgULVNv+j/GKW4TjK8raOYmNgsrTQpUJEj38VFJECdqp50//xaZlR+yvv3EUEysR
np1+D3vQ+PWiDgydllSmUH+pXTQy0mWrkPBcjrX7nPAB8UBEa34J7cNTgDVkh0pE
gW91FhHO0GmETGo9xUNIGNqk6UCNSPi89XR+LK3iVqRLFIcQQ8VkvJfEkHywspOK
x+DLpH7vKvCCMsBscjlZNlAQCUm4XipEMe0c31EzfTdE3I6C+OPZY9AuBSORkr2l
5aMOxajRZsswWwvusQI28vBvwIGvdxDZrn4emEwBmC+LLyDykDCnbpClP8Ioetf9
Id4wQGawFz+dya2BMlvAYWROUiSW/8sjdZMsb1l2tsA41NNoKqBfe0hk/t/XFVuW
BGj1+8p+4A2GEzKuaFnn8XlKJpk+VUpfguK8nTJwKY8GedMSvcoijV9UWH47s5k1
BabFfVDjZ17oDt1+ii5GNn4EW/cFBQ+MoMxPWMo70CvFdA0siIrUHayJ2B7OlAlY
9gm+f6CVZmHvc/TnrYSR
=OJ9F
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/0d94fbe5-a944-c6a1-2344-9594ce0361cd%40qubes-os.org.
 For more options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic