Hacker News new | ask | show | jobs
by benatkin 4361 days ago
I'm comfortable with having a company I trust enough handling deployment. In order to trust them I have to see them do difficult things well and it probably needs to be more than just a couple people. A small deployment service like this will probably remain in the area where I don't know enough about them to trust them. This is why I turn to Continuous Integration tools (CircleCI) or Project Hosts (Beanstalk, Springloops) for deployment. By observing them doing complicated things I get the feeling that they know what they're doing. Perhaps OP should think bigger.
2 comments
bradhe 4361 days ago
But those complicated things (CI) are fairly different than managing deployments securely...
link
druiid 4361 days ago
I personally wouldn't trust CircleCI to do this stuff either. They already don't exactly have a great track record for security.
link
benatkin 4360 days ago
Upon thinking about it, I agree. I don't want CircleCI to have the SSH key.

I think webhooks are a good model. At worst it could deploy at the wrong time (which would be pretty bad).

link