Chef-sugar stands its grounds against ICE contract
github.comThey have some update. (looks like they are backtracking their original statement.)
https://blog.chef.io/2019/09/23/an-important-update-from-che...
Chef's official stance remains unchanged. Their blogpost: https://blog.chef.io/2019/09/19/chefs-position-on-customer-e...
> For context, we began working with DHS-ICE during the previous administration
That should have been Chef's only response, really. (That, and they still need to explain how a former developer somehow managed to break something.)
The most depressing part is that people will only care about what ICE are doing until the next election
> Earlier today, a former Chef employee removed several Ruby Gems, impacting production systems for a number of our customers.
That's some horrendous infosec. Why would ICE or anyone use this? Can't Chef use, err, Chef or something like that to remove all credentials as soon as employees leave the organization?
It was his own gem, hosted under his own account, not Chef's. It's apparently just relied on by almost the entire Chef ecosystem, including Chef's own systems.
Quite rare to find projects standing its own ground .