Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://fsebugoutzone.org/objects/0c1eb348-a8ec-47f5-a5cc-7db1a22c3a3e">jae (jae@fsebugoutzone.org)'s status on Friday, 11-Apr-2025 22:42:34 JST</a><a href="https://fsebugoutzone.org/users/jae" title="jae@fsebugoutzone.org"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt="jae" style="position: absolute; left: 0; top: 0;">jae</a><div><a href="https://fsebugoutzone.org/objects/ef0ba5e7-f96e-48a9-a1fe-08b3d73420ad" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/158739" title="phnt@fluffytail.org">Phantasm</a></li><li><a href="https://gnusocial.jp/user/256996" title="p@fsebugoutzone.org">pistolero</a></li><li><a href="https://gnusocial.jp/user/331382" title="m0xee@nosh0b10.m0xee.net">m0xEE</a></li></ul></div></section><article><a href="https://fsebugoutzone.org/users/p">@p</a> <a href="https://poa.st/users/TeaTootler">@TeaTootler</a> <a href="https://nosh0b10.m0xee.net/m0xEE">@m0xEE</a> <a href="https://fluffytail.org/users/phnt">@phnt</a> <br><br>&gt; And completely changes the service from "Store these blobs" to "execute arbitrary code".<br><br>the system doesn't exec arbitrary code.  it handles git operations, drops builds, runs linters, sast/sca, full test-harness with regression suite, then deployments where applicable.  it's all very intentional.<br><br>ace theoretically could occur in the ci system (not related to forgejo), however if the operator is running a ci system that allows elevated privilege to the host operating system that the runners kick on, that is problematic and poor choice to make.  i do not have that problem.<br><br>and the scraper issue people were hemming/hawing about is a non issue when you have a waf at the edge, which we do. (servo has ascended)</article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4873344#notice-9555148">In conversation</a><time datetime="2025-04-11T22:42:34+09:00" title="Friday, 11-Apr-2025 22:42:34 JST">about 3 days ago</time> <span>from <span><a href="https://fsebugoutzone.org/objects/0c1eb348-a8ec-47f5-a5cc-7db1a22c3a3e" rel="external" title="Sent from fsebugoutzone.org via ActivityPub">fsebugoutzone.org</a></span></span><a href="https://fsebugoutzone.org/objects/0c1eb348-a8ec-47f5-a5cc-7db1a22c3a3e">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
jae (jae@fsebugoutzone.org)'s status on Friday, 11-Apr-2025 22:42:34 JSTjae
in reply to
@p @TeaTootler @m0xEE @phnt

> And completely changes the service from "Store these blobs" to "execute arbitrary code".

the system doesn't exec arbitrary code. it handles git operations, drops builds, runs linters, sast/sca, full test-harness with regression suite, then deployments where applicable. it's all very intentional.

ace theoretically could occur in the ci system (not related to forgejo), however if the operator is running a ci system that allows elevated privilege to the host operating system that the runners kick on, that is problematic and poor choice to make. i do not have that problem.

and the scraper issue people were hemming/hawing about is a non issue when you have a waf at the edge, which we do. (servo has ascended)
In conversationabout 3 days ago from fsebugoutzone.orgpermalink

Public

Embed Notice

HTML Code

Corresponding Notice