Hey @Patrick, I’m curious – what are your thoughts on Discourse after 3 years of use?
usability: awesome
stability: good
antispam: awesome
javascript dependency: bad for security related project
security: no opinion
My org is looking at using Discourse, but I saw a huge red flag when skimming their install guide, which included the command:
wget -qO- https://get.docker.com/ | sh
Really bad indeed.
Many if not most popular webapps are similar to that. If you choose to
only use these with best security practices, you’ll be severely limiting
usability, thereby productivity, thereby the overall success.
There would be a command which makes it partially more secure.
^ After seeing a project say that, I’m tempted to discount any claims that they “take security very seriously” as mere security theater.
I’d very much like to hear the perspective of the security-focused Whonix team on the security (and other aspects) of self-hosting Discourse.
Package manager security, file verification security and other auxiliary
attack vectors such as clock related security issues are not on the
radar of many even security focused projects. For example hardened
gentoo goes serious about enabling security hardening compile flags but
then is sloppy about package manager security.
Should uncheck / remove / disable allow_username_in_share_links once that becomes available in the stable version of discourse so username isn’t added to the link when using the forum’s “share a link” feature.
Due to potential flakyness of this 2FA method, let’s consider (2FA) account recovery.
If someone is a known person or pseudonym, having a usually used e-mail address and OpenPGP (or signify or otherwise) signing key, should I trust that signing key in if there ever is a request to disable 2FA?