
Being able to rebuild critical infrastructure from source, and know that you'll be able to reliably deploy it, is a _huge_ win for security.

After a bunch of harrowing experiences with clients, I'm pretty close to believing "using packages for critical infrastructure is a bad idea".



Being able to rebuild critical infrastructure from source, and know that you'll be able to reliably deploy it, is a _huge_ win for security.

In that case, you might be interested in bosh: http://bosh.io/docs/problems.html (the tool that enables the workflow jacques_chester was describing). It embraces the idea of reliably building from source for the exact reasons you've mentioned.


I'm confused now. Earlier you recommended patches over rebuilding continuously from source, but this seems like the opposite?


What does "packages" mean here? Sorry.


My guess is that "packages" is shorthand for "binary packages", as opposed to being able to redeploy from source.


Nod.


I'm guessing they meant to write "patches".



