by vlucas 4818 days ago
I just checked out the product and it looks good so far. This could be a nice step in-between PaaS and running your own servers, which I'm guessing is the sweet spot you guys are going for.

The main (and obvious) downside is that I'm a little hesitant to install an unknown agent on my server that runs arbitrary commands from a 3rd party (even if they are only run at my request and on my behalf). Namely, it's not hard to imagine a scenario in which your central server gets compromised and then goes on to compromise all your customers' connected servers. Do you guys have any plans to mitigate this risk or ease the minds of people worried about the security issues like me?

1 comment

I definitely understand your security concerns. My background is actually in security research. The architecture we're implementing will prevent arbitrary code execution on your servers if we were compromised by ensuring only signed code is executed. And, of course, code signing will be done offline.

Relatedly, here's some of my research on creating software update and deployment systems that are resilient to compromise:

https://www.eecs.berkeley.edu/~jsamuel/papers/survivable-key...