Sponsored Teleport to help provide secure access and audit access

[benarent]

Hi Homebrew Team,

I'm not sure if this is the right place, but in the spirit of OSS I wanted to open and go through the community vs DMing the maintainers.

I'm reaching out as we are creating a new project to support the open source community. Teleport already provides a robust OSS version, this offer would extend to providing sponsored access for Teleport Cloud. Meaning one less bit of infra to run. There are few reasons we excited to provide this sponsorship. We offer teleport using brew, but have been concerned about possible supply chain attacks. Knowing short live certificates are used for access would help us sleep better at night. The second benefit, is it lets you easily provide access to volunteers, and you won't have to worry about cleaning up SSH keys after.

We already have pretty robust Mac & Kubernetes Support, and would be happy to partner with MacStadium. Reply or Email me [email protected] for more details.

[MikeMcQuaid]

I'm not sure if this is the right place, but in the spirit of OSS I wanted to open and go through the community vs DMing the maintainers.

This is good, thanks! ❤️

Knowing short live certificates are used for access would help us sleep better at night.

Short-lived certificates for what? I read the README but I'm not entirely sure I understand what this project is and how it (potentially) could help Homebrew's security?

and would be happy to partner with MacStadium

May be worth contacting them directly, too?

[MikeMcQuaid]

@benarent I don't think this is something we'd use currently (although feel free to contradict me other maintainers if you're interested in using this and setting it up) but thanks for the kind offer ❤️

[SMillerDev]

I would definitely use it if available, the problem would just be with getting it hooked up to macstadium in a way that doesn't add the maintenance burden to the Homebrew team. If you have a proof of concept for a macstadium Orca and https://www.macstadium.com/m1-mini setup we might be able to copy that?

[MikeMcQuaid]

Yeh, agreed. If this tool required no setup/maintenance from us (or there was someone volunteering to do the setup): 🆒.

[benarent]

I'll spend the next few days making a POC with Orca. We've been working with macstadium on another project, but I wasn't on the initial setup. I'll sync back once I've got something working.

[MikeMcQuaid]

Thanks @benarent!