|
|
|
|
|
|
by andrewstuart2
2979 days ago
|
|
|
> If you believe that devs require root then that’s an indicator that your build/test/deploy/monitor pipeline is not operating correctly. For one, I never said anything about root. I'm not sure anybody should have root in production, depending on the threat model. What I am saying is that the people who wrote the proprietary software being operated should be the ones on the hook for supporting it, and should be given the tools to do so, since they're the most aware of its quirks, design trade-offs, etc. That means not just CI/CD and monitoring output, but machine access, network access, anything that would be necessary to diagnose and rapidly respond to incidents. That almost never requires root. |
|
|