Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
ilikebits 4 days ago

You are correct. The reason we built this tool is because all of the scripts we found had sharp edges when we tried to use them in production at scale (I talk about some of them here: https://news.ycombinator.com/item?id=43730136).

Most of these scripts were designed for a world where there was A Blessed Deployment Machine that acted as its own de facto centralized control plane. We're designed for a newer world where publishing is just another piece of your CI, so you need more features to handle concurrency control, distributed signing, incremental index rebuilds, etc.

benwilber0 4 days ago | parent [-]

What is an example of something that would require "distributed signing"?

ilikebits 4 days ago | parent | next [-]

Our use case is customers who (1) want to use a managed cloud hosting service that we provide, but (2) are not willing to give us their signing keys. Our design allows them to keep all of their signing keys local to their environment.

To our knowledge, we have not found another provider who supports both of these requirements. It's not some amazing technical innovation, but it is one of those annoying paper cuts that builds up with all the others.

benwilber0 4 days ago | parent | next [-]

> when we tried to use them in production at scale

Debian and Ubuntu have been using them in production and "at scale" for decades. What are the "sharp edges" that you're trying to solve?

ilikebits 4 days ago | parent [-]

That's true! The Debian and Ubuntu folks are also experts at this. In our experience, the sharp edges generally affect teams that don't have a lot of in-house expertise in this, and where release engineering is not a core engineering competency that they want to invest in.

rlpb 4 days ago | parent | prev [-]

Signing an unsigned apt repository is about three gpg commands though. I don't see how this kind of thing requires a whole separate product.

ilikebits 4 days ago | parent [-]

Yeah, solving this locally for one repository definitely isn't that hard at all. Most of the features we're building become useful when you're trying to build CI integrations for a larger team while also complying with enterprise security requirements (e.g. audit logging, HSM key protections, etc.).

4 days ago | parent | prev [-]
[deleted]