On Friday, 9 January 2026, at 6:14 PM, Calvin wrote: > There are many security and privacy holes in venti's design that should be > fixed. Anyone with access to a venti system has, in essence, full permissions > to all data in every file system stored in the system. The only current > practical mitigation is to simply prevent access to the venti in the first > place, and only expose a file system on top of it, such as fossil, but this > can greatly reduce the benefits of venti's deduplication.
Indeed, venti is insecure. But it doesn't do 9p and it is only intended as a backing store for real servers. If the real server (eg. a fossil) is on the same machine, address of 127.1 is a solution. Imho also adresses in 168.x.x.x nets are quite safe. This way it is not exposed outside your realm. Personally, I would even prefer a protocol similar to aoe. ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/T4d8ba4236feb5d92-M29d8a4c82645a573eab876c3 Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
