Message-ID: <54E6BCED.8020404@gentoo.org>
Date: Thu, 19 Feb 2015 23:49:49 -0500
From: Dean Stephens
List-Id: Gentoo Project discussion list
To: gentoo-project@lists.gentoo.org
Subject: Re: [gentoo-project] Gentoo, GitHub, and the Social Contract
In-Reply-To: <54E4DE30.2010205@gentoo.org>

On 02/18/15 13:47, hasufell wrote:
> Matt Turner:
>> On Wed, Feb 18, 2015 at 9:56 AM, hasufell wrote:
>>> Are you saying you only share the code with your buddies? In that case,
>>> it is against our social contract as well.
>>

I have not shared the code in question with anyone at all; I also happen to have never been on the team that wrote, maintains, and uses it. Knowing a claim is false does not automatically make one the subject of it.

>>> Not only that, it is even a serious security problem since the developer
>>> community doesn't know how these things are packaged and neither do the
>>> users.
>>
>> There's a serious security problem if they were to release the scripts
>> (passwords and all) right this second.
>>
>
> This statement makes me wonder if you really understand opensource (or
> even free software).
>
> Maybe the recruitment quizzes need to be fixed in this regard.
>

While embedding authorization tokens in a script is not exactly in keeping with best practices, implying that the only concern in publishing a script which you have been told includes such tokens is your own desire for it to be published is at best ignorant. As such, you would appear to be in dire need of basic information security training.