debug-me lets a developer access your shell remotely, to debug a problem, avoiding a tedious back-and-forth by email.
Fantastic! Finally an easy way for users to give me access to a test environment
debug-me uses the GPG web of trust
Oh no
This looks like a solution to a nonexistent threatmodel. The user is already running my software, they’re already fully trusting me.
“Thank you for the bug report. Please launch debug-me and paste the link into the Github issue.”
Nothing could go wrong.
I suppose one could integrate this with GItHub such that only a particular set of users has access. GItHub does expose public SSH keys of a user after all.
Fantastic! Finally an easy way for users to give me access to a test environment
Oh no
This looks like a solution to a nonexistent threatmodel. The user is already running my software, they’re already fully trusting me.
“Thank you for the bug report. Please launch debug-me and paste the link into the Github issue.”
Nothing could go wrong.
I suppose one could integrate this with GItHub such that only a particular set of users has access. GItHub does expose public SSH keys of a user after all.