top | item 43128298

(no title)

rjst01 | 1 year ago

> Your case is simply prioritizing work that you would have wanted to complete anyway

It's busy-work that provides no business benefit, but-for our supplier's problems.

> specific outbound IP addresses that they can then whitelist

And then we have an on-going burden of making sure the list is kept up to date. Too risky, IMO.

discuss

troutwine|1 year ago

> It's busy-work that provides no business benefit, but-for our supplier's problems.

I dunno, if I were paying for a particular quality-of-service I'd want my requests authenticated so I can make claims if that QoS is breached. Relying on public pulls negates that.

Making sure you can hold your suppliers to contract terms is basic due diligence.

rjst01|1 year ago

It is a trade-off. For many services I would absolutely agree with you, but for hosting public open-source binaries, well, that really should just work, and there's value in keeping our infrastructure simpler.