@bumi Could you let me know if this ID is correct? I remember having seen UUIDs somewhere in the past, but this is the only one that I can find in Zoom itself. Thanks.
Nice!
I thought we said we'd build it from source, however, so that we can easily deploy our own fixes and customizations?
Yes, and that should be only once for all volumes ideally (or only have one data volume to begin with). I.e. we also want encryption for any other user data ideally, like Gitea repos, XMPP uploads, remoteStorage files, and so on.
What good is encrypting a volume when you leave the encryption password lying around on the hard drive?
What does this mean? Why would they use a different port to connect to Postgres?
Left a couple of comments/questions.
I don't see where that's done in this PR?
I'm not sure I follow. The point of verifying a hostname is that it can change. That's the problem with DNS.
Thus, the question is still open: why would we have to verify the cert on the client in this scenario? It is a simple local config. And it is only there to encrypt the connection, so that someone outside of our machines cannot record unencrypted traffic, when it's flowing through a public network. Nothing else.
So the options for this use case are:
1. Use a private network
2. Encrypt the connection on a public network
The easiest way to achieve number 2 is with simple shared certificates that we ourselves configure on the machines.