Quoth Calvin via 9fans <[email protected]>: > > On Friday, 9 January 2026, at 6:14 PM, Calvin wrote: > > > >> There are many security and privacy holes in venti's design that should be > >> fixed. Anyone with access to a venti system has, in essence, full > >> permissions to all data in every file system stored in the system. The > >> only current practical mitigation is to simply prevent access to the venti > >> in the first place, and only expose a file system on top of it, such as > >> fossil, but this can greatly reduce the benefits of venti's deduplication. > > > > Indeed, venti is insecure. But it doesn't do 9p and it is only intended as > > a backing store for real servers. If the real server (eg. a fossil) is on > > the same machine, address of 127.1 is a solution. Imho also adresses in > > 168.x.x.x nets are quite safe. This way it is not exposed outside your > > realm. > > Sorry i was quoting Noam there, I am interested in proposed solutions. >
What exactly is your threat model? ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/T4d8ba4236feb5d92-M118b9d7df500b1487e064382 Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
