[almighty] Almighty Build Service and Private repositories
Michael Kleinhenz
kleinhenz at redhat.com
Thu Oct 27 13:07:54 UTC 2016
> parties. While technically the same, it is fundamentally different in
>> policy terms.
> Would you mind elaboration on why it is different? The public key is
> set up as deploy key in both cases and private key is given to build
> provider to access the repo. Why should github generate such keys and
> not Almighty?
I'd think that if some party would generate access keys, they would
most possibly have a clause in their terms of service that these keys
might only be used for the party that the keys are created for. At
least Facebook has something like this in their ToS for example. On
the other side, if we create the keys and just give them to the remote
service, this can most certainly not be covered by any ToS, because
these keys belong to the user, not the service and the service can be
considered remote party here.
--
Michael Kleinhenz
Principal Software Engineer
Red Hat Deutschland GmbH
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
RED HAT | TRIED. TESTED. TRUSTED.
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht München,
HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham,
Michael O'Neill
More information about the almighty-public
mailing list