juergbi commented on issue #1684: URL: https://github.com/apache/buildstream/issues/1684#issuecomment-4691960011
buildbox-casd also doesn't restrict access to `LocalCAS` on the main socket, which makes it completely insecure for remote access. I think we need to solve that first in BuildBox before recommending its use as a remote cache. For the artifact and action caches we'd need to support some form of push restrictions (and should add expiry as has already been mentioned above). And while we're at it, we might as well add simple TLS server support to buildbox-casd. Allowing push only for some clients might be the trickiest part to add given there is currently no authentication support at all. The simplest solution from the buildbox-casd perspective may be to support separate sockets for the different access levels and let the rest be handled by a reverse proxy or firewall. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
