I think we should not lose sight of the fact that mosh is security-sensitive software in a category unlike many other software packages, and thus it is worth some inconvenience to the maintainers that you might not accept in a less sensitive tool.
Another question: would we rather we be compromised at the same time when Github or Travis is compromised, or would we rather be compromised independently at a different time? Feel free to substitute "if" for "when" if it makes you feel better. --jh...@mit.edu John Hawkinson john hood <cg...@glup.org> wrote on Mon, 31 Oct 2016 at 00:12:06 -0400 in <cd544460-ff54-d516-7af9-dcb04f0b0...@glup.org>: > The reasons I did this: to get a more externally-visible build for the > package, and to do the release build on something other than my personal > OS X machines. Of course, this means we are trading trust in my OS X > systems for trust in Travis' OS X build environments. I think this is a > win, any opinions? > > Alas, we will not get any kind of repeatable builds out of this, Travis > constantly updates their build images and we update to current Homebrew > for dependencies on every build. _______________________________________________ mosh-devel mailing list mosh-devel@mit.edu http://mailman.mit.edu/mailman/listinfo/mosh-devel
