[task #15696] Security warning at the start of Maneage

[Mohammad Akhlaghi]

URL:
  <https://savannah.nongnu.org/task/?15696>

                 Summary: Security warning at the start of Maneage
                 Project: Reproducible paper template
            Submitted by: makhlaghi
            Submitted on: Wed 17 Jun 2020 03:42:43 AM BST
         Should Start On: Wed 17 Jun 2020 12:00:00 AM BST
   Should be Finished on: Wed 17 Jun 2020 12:00:00 AM BST
                Category: Software
                Priority: 5 - Normal
                  Status: Postponed
                 Privacy: Public
        Percent Complete: 0%
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
                  Effort: 0.00

    _______________________________________________________

Details:

We try our best to keep the core Maneage project as secure as possible. The
fact that it doesn't require root permissions is one such example.

However, we cannot make any promises for projects that are derived from
Maneage! For example a malicious project author may put steps deep in their
own project scripts that extract a user's private SSH keys (or other private
data) and use a network connection to send it somewhere. 

Therefore it is very important the users understand this major security
implications and take the proper precautions if they don't trust the derived
project's creator.

For example one option is build a new user for the "Maneaged" project and run
the project in that user account, or to run it in a Docker container (task
#15389) or to create a virtual machine and run it there.

This task was defined during the more specific discussion of task #15694.




    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/task/?15696>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/