[tptacek]

Funny thing about Go is that as a compiled language, folks often need to send the source-code to the deployment servers to compile on them too. I seem to recall that deployment servers shouldn't need to have development tools which were themselves exposing the servers to bad intention by bad folks. It's just hard to keep the separation I guess.

This is what systems administrators with grey beards thought in the 1990s. A moment's thought about what an attacker who can run a compiler can do instead of running a compiler should be enough to inform you about how silly the idea is in practice.

[jlouis]

It may have slowed down the occasional attacker who had no access to a HP-PA RISC cross compiler for his platform. But in todays world there is no reason.

[meaty]

Well back in the 90s we kept the machines lean more because disk space was fucking expensive.

[tptacek]

I'm not saying that minimal builds are silly, just that the idea of keeping compilers off systems as a security feature is.

[wglb]

Did they have /bin/sh or /bin/bash or /bin/csh?

[meaty]

Yes but they were only available to one user and that could only log in via the console server.

Joy to ACLs, custom Solaris builds and proper kit (ultra enterprise units the size of a full 42u rack).

I miss those days.