code passes security check #291

New issue

Open

opened 2025-04-01 20:47:44 +02:00 by kiara · 0 comments

kiara commented 2025-04-01 20:47:44 +02:00

Owner

Copy link

In order to verify Fediversity may be put into production, we should have our code pass an independent security compliance audit in adherence to the standards set out in the General Data Protection Regulation (GDPR).

To ensure this serves our goals, this check should cover code spanning at least the features laid out in:

1. #347:
   • #100
2. #349 (Owner: @koen @ ProcoliX):
   • #228

Achieving this would involve at least:

1. #493 Credentials handled
2. #87 TLS certificates handled
3. #313 Hypervisor users segregated
4. #633 Inter-node access authenticated

In order to verify Fediversity may be put into production, we should have our code pass an independent security compliance audit in adherence to the standards set out in the [General Data Protection Regulation](https://gdpr-info.eu/) (GDPR). To ensure this serves our goals, this check should cover code spanning at least the features laid out in: 1. #347: - #100 1. #349 (**Owner**: @koen @ ProcoliX): - #228 Achieving this would involve at least: 1. #493 Credentials handled 1. #87 TLS certificates handled 1. #313 Hypervisor users segregated 1. #633 Inter-node access authenticated <!-- 1. (#212) SSO supports MFA --> <!-- 1. #337 operator can manage user rights -->

kiara added a new dependency 2025-04-01 20:49:02 +02:00

#228 [D2.3] brought into production [2027-11-01]

kiara added a new dependency 2025-04-01 20:59:00 +02:00

#272 support password-protected personal SSH keys for deploying services in development

kiara added a new dependency 2025-04-01 22:57:17 +02:00

#295 limit security impact of SSH access to service VMs

kiara added a new dependency 2025-04-01 23:01:17 +02:00

#127 Keeping applications' nix packages up-to-date

kiara added a new dependency 2025-04-01 23:01:24 +02:00

#155 Address CI friction between security and caching

kiara added a new dependency 2025-04-01 23:01:30 +02:00

#198 switch panel db from sqlite to postgresql

kiara added a new dependency 2025-04-02 16:44:02 +02:00

#26 Set up a secret management scheme

kiara added a new dependency 2025-04-02 16:46:33 +02:00

#24 Disable root SSH authentication altogether

kiara added a new dependency 2025-04-28 18:36:05 +02:00

#87 Replace snakeoil-key with proper secret

kiara added the

type unclear

label 2025-05-01 12:19:15 +02:00

kiara referenced this issue 2025-05-05 19:48:02 +02:00

ephemeral state is automatically provisioned #314

kiara added

type: key result

and removed

type unclear

labels 2025-06-01 10:21:51 +02:00

kiara added a new dependency 2025-06-01 11:12:00 +02:00

#349 exploit our work by enabling reproducible deployments of an initial set of portable applications

kiara changed title from security to security audit 2025-06-01 11:12:16 +02:00

kiara changed title from security audit to code passes security audit 2025-06-01 12:39:00 +02:00

kiara changed title from code passes security audit to code passes security check 2025-06-05 12:35:05 +02:00

kiara referenced this issue 2025-06-09 21:10:43 +02:00

initial focus on single application for development #327

kiara referenced this issue 2025-06-09 23:00:55 +02:00

application offering delegated #369

kiara referenced this issue 2025-06-10 19:43:11 +02:00

exploit our work by enabling reproducible deployments of an initial set of portable applications #349

kiara referenced this issue 2025-06-10 19:59:59 +02:00

[D2.3] brought into production [2027-11-01] #228

kiara removed a dependency 2025-06-16 12:00:00 +02:00

#349 exploit our work by enabling reproducible deployments of an initial set of portable applications

kiara added a new dependency 2025-07-16 10:39:40 +02:00

#463 secrets may be handled securely w.r.t. use in PRs

kiara added a new dependency 2025-12-02 22:00:57 +01:00

#614 catch up on nixpkgs updates

kiara added a new dependency 2025-12-03 15:56:05 +01:00

#633 nodes can identify one another

kiara added a new dependency 2025-12-04 11:39:01 +01:00

#313 ProxmoX back-end supports multiple users

kiara added a new dependency 2025-12-11 15:31:04 +01:00

#493 portable ephemeral state

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

ci/pixelfed

pixelfed-ci

No results found.

Labels

Clear labels   

0 points

fibonacci complexity: 0 points

  

0.5 points

fibonacci complexity: 0.5 points

  

1 point

fibonacci complexity: 1 point

  

13 points

fibonacci complexity: 13 points

  

2 points

fibonacci complexity: 2 points

  

21 points

fibonacci complexity: 21 points

  

3 points

fibonacci complexity: 3 points

  

34 points

fibonacci complexity: 34 points

  

5 points

fibonacci complexity: 5 points

  

55 points

fibonacci complexity: 55 points

  

8 points

fibonacci complexity: 8 points

  

api service

features that may relate more to a (to be created) API service

  

blocked

  

component: fediversity panel

  

component: nixops4

  

documentation

  

estimation high: >3d

  

estimation low: <2h

  

estimation mid: <8h

  

infinite points

fibonacci complexity: infinite points

  

productisation

features out-scoped with the decoupling of the productisation effort

  

project-management

Project management related tasks

  

question

  

role: application developer

  

role: application operator

  

role: hosting provider

  

role: maintainer

  

security

  

technical debt

  

testing

  

type unclear

  

type: bug

Anything that doesn't work as advertised

  

type: deliverable

  

type: key result

  

type: objective

  

type: task

  

type: user story

  

user experience

No labels

0 points

0.5 points

1 point

13 points

2 points

21 points

3 points

34 points

5 points

55 points

8 points

api service

blocked

component: fediversity panel

component: nixops4

documentation

estimation high: >3d

estimation low: <2h

estimation mid: <8h

infinite points

productisation

project-management

question

role: application developer

role: application operator

role: hosting provider

role: maintainer

security

technical debt

testing

type unclear

type: bug

type: deliverable

type: key result

type: objective

type: task

type: user story

user experience

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Blocks

#228 [D2.3] brought into production [2027-11-01]

fediversity/fediversity

Depends on

#24 Disable root SSH authentication altogether

fediversity/fediversity

#26 Set up a secret management scheme

fediversity/fediversity

#87 Replace snakeoil-key with proper secret

fediversity/fediversity

#127 Keeping applications' nix packages up-to-date

fediversity/fediversity

#155 Address CI friction between security and caching

fediversity/fediversity

#198 switch panel db from sqlite to postgresql

fediversity/fediversity

#272 support password-protected personal SSH keys for deploying services in development

fediversity/fediversity

#295 limit security impact of SSH access to service VMs

fediversity/fediversity

#313 ProxmoX back-end supports multiple users

fediversity/fediversity

#463 secrets may be handled securely w.r.t. use in PRs

fediversity/fediversity

#493 portable ephemeral state

fediversity/fediversity

#614 catch up on nixpkgs updates

fediversity/fediversity

#633 nodes can identify one another

fediversity/fediversity

Reference: fediversity/fediversity#291

No description provided.