On Sat, Dec 14, 2019 at 10:35:58PM +0000, other.arkitech wrote:
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Saturday, December 14, 2019 7:52 PM, Punk-Stasi 2.0 <punks@tfwno.gf> wrote:
On Fri, 13 Dec 2019 23:30:51 +0000 "other.arkitech" other.arkitech@protonmail.com wrote:
http://otheravu4v6pitvw.onion/misc/downloads/answers_to_questions.txt
"The operating system image contains a pre-configured raspbian system where user gov has sudo powers, hence you have root privileges. For maintenance purposes I have (temporarily) root access too, via ssh port 16671"
haha, you can't be serious...?
I understand your concern, but I am running an alpha version of the system and having an ssh access to the node allows me to maintain and update the software. I've been running 50 nodes for 1 year using this mechanism as a mean to tune the systems. (development setup) Obviously this requires trust on me. Removing this trust is as easy as removing the file /root/.ssh/authorized_keys But this is like disconnecting your OS from automatic updates. It is temporary maintenance priviledge, it will be gone when I release 1.0. It should not be a concern since it is a dedicated raspeberry pi and little I can do inside that represents a threat.
Recommendation: script everything - have a script that rolls out your "standard testing install", have a script so that nodes can "pull" updates, rather than receive centralized "push" updates by default. The git model is now ubiquitous because it works for people ...