Andrew Lytvynov
Andrew Lytvynov
I don't know if we can do much about this. Impersonation is the mechanism that Teleport uses under the hood to pass user identity to the Kubernetes API. We'd need...
> I suspect it might be smoother than mucking about with systemd (ew), xinited (ew), creating users, and whatnot (which I did, adapting the Ubuntu setup instructions for Debian). As...
@adg what do you think about suggesting setcap as an alternative to xinited in the docs? This is subjective but i prefer to run as few services as possible.
@adg sent https://upspin-review.googlesource.com/c/8031/
> If you're skeptical, then watch key.upspin.io/log for anything to do with your key or your friends' and scream bloody murder if you see changes that you didn't initiate, or...
> The server will likely be located in the USA. So for whatever reason you get a warrant to give the data, you'll do it, since you don't (shouldn't) know...
@evilhamsterman are you using https://github.com/artis3n/ansible-role-tailscale by chance?
Thanks for the info! I think we will keep our restriction/expectation of `/etc/apt/sources.list.d/tailscale.list` being the source for a few reasons: * this keeps our update code more robust (fewer bugs)...
@stephanGarland that's a pretty good suggestion! We'd also have to update https://github.com/tailscale/tailscale/blob/12ad1423d0fd9db3df682de8f099d871a7f35928/clientupdate/clientupdate.go#L421-L425 where we switch the release track name in the file if requested. So it at least need to...
No worries, I'm happy to implement it, probably next week though.