On 15 June 2015 at 21:33, Giancarlo Razzolini <grazzolini@gmail.com> wrote:
Em 15-06-2015 16:26, Tom Swartz escreveu:
With all due respect, requiring that a user punch holes in their security firewalls is not a proper or long term solution to the issue at hand.
It is the only solution.
AFAICS it's "the only solution" only due to decisions made by the people maintaining AUR, or is there some technical reason that makes it *impossible* to allow HTTPS access to the git repos?
For home users, this might be a valid (although no less sane) solution, but in corporate networks where the firewall rules are crafted for a reason (e.g. to protect the rest of the devices on the network).
A rule that denies outgoing SSH access is a dumb one. It doesn't protect the rest of the devices on the network.
I fully agree with you, but you make a very common mistake here: you apply logic and rational thinking to a situation that isn't governed by it :) You know it's a silly rule, I know it's a silly rule, everyone I interact with at work on a daily basis knows it's a silly rule. However, convincing the IT department of a 50000+ behemoth of a company that it's a silly rule *and that it should be changed* is a huge undertaking!
I firmly believe that restricting access to SSH, port 22 only, is something that will greatly hinder wide adoption. At the very least, it will prevent myself from uploading/updating my several AUR packages.
Instead of requiring others to solve your problem, you should explain to your network administrators that this rule is counterproductive. I don't really think that this will hinder adoption since port 22 is the default ssh port.
You clearly are fortunate enough to only be surrounded by people who base their decisions on logic and who are willing to go back on earlier decisions, and make changes solely based on well-founded arguments presented by engineers. I've worked in about 10+ different organisations, ranging in size from 50 to 100000+ and I have still to find a place like the one you are in. I strongly urge you to *never* switch jobs! /M -- Magnus Therning OpenPGP: 0xAB4DFBA4 email: magnus@therning.org jabber: magnus@therning.org twitter: magthe http://therning.org/magnus