Filippo Valsorda :go: on Nostr: In general, I think a lot of solutions tried to build end-to-end solutions, from the ...
In general, I think a lot of solutions tried to build end-to-end solutions, from the developer to the user, where instead we should acknowledge that there's a lot of infrastructure in the middle.
HTTPS was successful because it doesn't require everything to be signed from the database. Instead it protects load balancer → user. Database → load balancer is the job of the security team.
Likewise, we should build systems that protect GitHub → user, and let the project protect developer → GitHub.