-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tessel Security Post #53
base: master
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a good start– my only real critique is that it's missing context. It drops the reader right into a checklist– from the title and intro, I was expecting something different. I'm not sure what I expected..
I think the quickest fix would be a title change along the lines of "Tessel's security scorecard" or "Security checklist– is Tessel 2 safe?" though ideally less clickbaity than that suggestion.
Other than that, I like the style, and that it's short & sweet.
Separate note: I feel like this would get some play on HackerNews or Medium
|
||
How Tessel covers the [5 Easy Ways to Secure Your IoT Devices](https://www.sparkfun.com/news/2264) from the start. | ||
|
||
1. Unplug It |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This list needs more introduction. Is this Sparkfun's list? It doesn't have an obvious connection to how Tessel ships.
Part of the clarification needed is because you mention "from the start", as in built into the Tessel when it arrives, but this list is more of a set of user-maintenance tips.
|
||
## Power Cycle | ||
|
||
> Another interesting aspect of some malware like Mirai is that it only lives in volatile memory (e.g., RAM). That means simply turning off the device and turning it back on again will rid it of the malware |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mirai needs introduction if you are going to mention it– e.g. I was out-of-country/offline at that time and missed the whole thing
|
||
> Seriously, if you do only one thing to secure your device, do this. | ||
|
||
We did! Our [provisioning system](https://tessel.gitbooks.io/t2-docs/content/API/CLI.html#lan) is the only way to access the root system of Tessel over a network and requires a physical connection, like USB, to setup. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/setup/set up
|
||
> The biggest security flaw in UPnP is that programs inside your network can automatically request port forwarding from the router. | ||
|
||
We ship Tessel without any support for UPnP, as evidence by the [config files in our `openwrt-tessel` repo](https://github.com/tessel/openwrt-tessel/tree/master/files/etc/config). OpenWRT requires the [miniupnpd package and corresponding config file](https://wiki.openwrt.org/doc/howto/upnp) to enable UPnP. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/evidence/evidenced
|
||
We literally have a commit to our `openwrt-tessel` repo to [disable telnet](https://github.com/tessel/openwrt-tessel/blob/master/files/etc/init.d/telnet). As mentioned before, `ssh` is not disabled but it is only allowed by devices [provisioned with a shared key](https://tessel.gitbooks.io/t2-docs/content/API/CLI.html#lan). That process can only happen using `t2-cli` over a physical, USB connection, meaning no root access for rouge, third-party bots scavenging the Internet. | ||
|
||
Thanks to the folks at Sparkfun for sharing that awesome post. The Tessel team is always working on improving the out-of-the-box experience for anyone getting started with hardware and Internet-connected devices, so we're happy to say that when you get a Tessel you're secure from the start! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Needs a header of its own or it falls into the Disable Telnet section
|
||
> it won’t be long before we start seeing attacks that target IoT services and open ports as potential means for intrusion | ||
|
||
Tessel runs an open-source, embedded Linux distribution called [OpenWRT](https://openwrt.org), an actively maintained projects with frequent updates. We watch for security patches and keep our [version](https://github.com/tessel/openwrt-tessel) updated as needed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Someone should probably do that...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lol
|
||
> Mirai actually did its dirty work by trying to access a device through Telnet or SSH using default credentials. | ||
|
||
We literally have a commit to our `openwrt-tessel` repo to [disable telnet](https://github.com/tessel/openwrt-tessel/blob/master/files/etc/init.d/telnet). As mentioned before, `ssh` is not disabled but it is only allowed by devices [provisioned with a shared key](https://tessel.gitbooks.io/t2-docs/content/API/CLI.html#lan). That process can only happen using `t2-cli` over a physical, USB connection, meaning no root access for rouge, third-party bots scavenging the Internet. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To be clear, OpenWrt only runs telnet on initial setup to let you set a root password. Tessel uses the USB connection through the coprocessor instead, so doesn't need telnetd for that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The most impactful improvement would be to make clearer connections between what features Tessel provides and how a user can take advantage of those features to best secure their own device. I have specific examples in-line. Excited for this post!
@@ -0,0 +1,52 @@ | |||
# Tessel's Security Scorecard | |||
|
|||
In late October of 2016, an estimated 100,000 Internet-connectied devices were used by a group of hackers to attack DNS services as a distributed denial-of-service (DDoS). These devices, mostly routers, printers, and IP cameras, were infected with malware called Mirai, allowing the hackers to take control of those devices and cause outages for major services, like Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud and The New York Times. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo: connectied --> connected
|
||
In late October of 2016, an estimated 100,000 Internet-connectied devices were used by a group of hackers to attack DNS services as a distributed denial-of-service (DDoS). These devices, mostly routers, printers, and IP cameras, were infected with malware called Mirai, allowing the hackers to take control of those devices and cause outages for major services, like Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud and The New York Times. | ||
|
||
Now that it is known how Mirai managed to infect all of these Internet-connected devices, Sparkfun wrote about ["5 Easy Ways to Secure Your IoT Devices"](https://www.sparkfun.com/news/2264). The Tessel team has always been proud of the Tessel 2's out-of-the-box experience, so we wanted show off the board's security scorecard based on Sparkfun's list. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Now that it is known how" leaves me wondering: how? Is Sparkfun's list a comprehensive enumeration of the ways that Mirai got onto the devices?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From SparkFun's article:
Mirai scans for connected Internet of Things (IoT) devices running some form of embedded Linux, including routers. It then attempts to “log in” to the device using some 60 known factory default usernames and passwords. Once in, Mirai infects the machine, turning it into a “bot” for use by the attacker and continues scanning for other connected IoT devices. The source code for Mirai was released in October.
Without bringing in this whole summary, because I think folks should read the article as well, I will reference that Mirai has been open sourced. That allows us to know how it managed to infect those devices.
|
||
In late October of 2016, an estimated 100,000 Internet-connectied devices were used by a group of hackers to attack DNS services as a distributed denial-of-service (DDoS). These devices, mostly routers, printers, and IP cameras, were infected with malware called Mirai, allowing the hackers to take control of those devices and cause outages for major services, like Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud and The New York Times. | ||
|
||
Now that it is known how Mirai managed to infect all of these Internet-connected devices, Sparkfun wrote about ["5 Easy Ways to Secure Your IoT Devices"](https://www.sparkfun.com/news/2264). The Tessel team has always been proud of the Tessel 2's out-of-the-box experience, so we wanted show off the board's security scorecard based on Sparkfun's list. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The second sentence feels a little non sequitur– I see the "out of the box experience" as the unboxing-to-successful-project experience, which seems tangential to security. The proud phrasing (accurate though it is) also feels like a foregone conclusion: we are writing this to show you that it is good.
I would suggest phrasing like: "We checked the Tessel 2 against Sparkfun's security scorecard to see if an out-of-the-box Tessel is vulnerable to a Mirai-type attack"
In late October of 2016, an estimated 100,000 Internet-connectied devices were used by a group of hackers to attack DNS services as a distributed denial-of-service (DDoS). These devices, mostly routers, printers, and IP cameras, were infected with malware called Mirai, allowing the hackers to take control of those devices and cause outages for major services, like Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud and The New York Times. | ||
|
||
Now that it is known how Mirai managed to infect all of these Internet-connected devices, Sparkfun wrote about ["5 Easy Ways to Secure Your IoT Devices"](https://www.sparkfun.com/news/2264). The Tessel team has always been proud of the Tessel 2's out-of-the-box experience, so we wanted show off the board's security scorecard based on Sparkfun's list. | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Header: Sparkfun's list
|
||
> The best possible safeguard against hackers is to simply not have the device available for them. | ||
|
||
You control where to power Tessel and even how to power it. Battery, wall socket, or personal computer, you can unplug Tessel anytime. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you make a more direct connection to how the ability to change T2's power source leads to better device security? It seems to me like Sparkfun is saying "a safe IoT device is a device that's not turned on", which I don't think is what we want from control over Tessel's power options.
|
||
> The biggest security flaw in UPnP is that programs inside your network can automatically request port forwarding from the router. | ||
|
||
We ship Tessel without any support for UPnP, as evidenced by the [config files in our `openwrt-tessel` repo](https://github.com/tessel/openwrt-tessel/tree/master/files/etc/config). OpenWRT requires the [miniupnpd package and corresponding config file](https://wiki.openwrt.org/doc/howto/upnp) to enable UPnP. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we have backstory to this? Was UPnP disincluded specifically for security purposes?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm adding a link to the OpenWRT recommendation to not enable UPnP and using it as our reason for not supporting it out-of-the-box.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The OpenWrt miniupnp
package is an UPnP server, that is, the thing that listens to UPnP requests on the router and sets up port forwarding and firewall rules. Independent of any security implications of UPnP, the reason T2 doesn't include it is because Tessel isn't intended to be used as a router, so it makes no sense to include it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A Tessel's role in a UPnP system would likely be as a client, requesting that an upstream router map an external port to it, and well, that's something for the user writing the code for it to include or exclude.
|
||
> Mirai actually did its dirty work by trying to access a device through Telnet or SSH using default credentials. | ||
|
||
We literally have a commit to our `openwrt-tessel` repo to [disable telnet](https://github.com/tessel/openwrt-tessel/blob/master/files/etc/init.d/telnet). As mentioned before, `ssh` is not disabled but it is only allowed by devices [provisioned with a shared key](https://tessel.gitbooks.io/t2-docs/content/API/CLI.html#lan). That process can only happen using `t2-cli` over a physical, USB connection, meaning no root access for rouge, third-party bots scavenging the Internet. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/literally/currently (or remove)
|
||
> Mirai actually did its dirty work by trying to access a device through Telnet or SSH using default credentials. | ||
|
||
We literally have a commit to our `openwrt-tessel` repo to [disable telnet](https://github.com/tessel/openwrt-tessel/blob/master/files/etc/init.d/telnet). As mentioned before, `ssh` is not disabled but it is only allowed by devices [provisioned with a shared key](https://tessel.gitbooks.io/t2-docs/content/API/CLI.html#lan). That process can only happen using `t2-cli` over a physical, USB connection, meaning no root access for rouge, third-party bots scavenging the Internet. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Might be worth mentioning that we're against SSH with password, which is why we require the more secure key exchange
|
||
## Wrap Up | ||
|
||
Thank you Sparkfun for sharing that awesome post. Be sure to review all your Internet-connected devices' security scorecard and rest assured that the Tessel project is focused on keeping our boards secure. Check out the [Johnny-Five Inventor's Kit](https://www.sparkfun.com/products/13847) to start creating your own IoT projects and experiment. Join the [Tessel community](https://tessel.io/community) to learn more about what other people are building and how to start contributing to the Tessel project. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should be "Thank you, Sparkfun, ..."
|
||
## Wrap Up | ||
|
||
Thank you Sparkfun for sharing that awesome post. Be sure to review all your Internet-connected devices' security scorecard and rest assured that the Tessel project is focused on keeping our boards secure. Check out the [Johnny-Five Inventor's Kit](https://www.sparkfun.com/products/13847) to start creating your own IoT projects and experiment. Join the [Tessel community](https://tessel.io/community) to learn more about what other people are building and how to start contributing to the Tessel project. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Need a paragraph break before "Check out the Johnny..."
78514dd
to
98f0abd
Compare
|
||
> Another interesting aspect of some malware like Mirai is that it only lives in volatile memory (e.g., RAM). That means simply turning off the device and turning it back on again will rid it of the malware | ||
|
||
When you deploy your project to T2's Flash memory, consider including a periodic auto-reboot to clear anything that may have been introduced to RAM. This is easy with the Tessel [power management API](https://tessel.gitbooks.io/t2-docs/content/API/Hardware_API.html#board). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The link in this paragraph is dependent on a t2-docs PR to be merged first.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand how this section applies to Tessel. T2 has a writable root filesystem overlay, so changes are persisted across reboots.
@Frijol Thank you for the thorough review. The post is more clearly connected to Tessel's advantages as a board and project. |
@@ -0,0 +1,57 @@ | |||
# Tessel's Security Scorecard | |||
|
|||
In late October of 2016, an estimated 100,000 Internet-connected devices were used by a group of hackers to attack DNS services as a distributed denial-of-service (DDoS). These devices, mostly routers, printers, and IP cameras, were infected with malware called Mirai, allowing the hackers to take control of those devices and cause outages for major services, like Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud and The New York Times. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
an estimated 100,000 Internet-connected devices were used by a group of hackers to attack DNS services as a distributed denial-of-service (DDoS
Can you find a concrete, credible source for this and link to it via footnote (or inline)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mirai
Link to it
|
||
In late October of 2016, an estimated 100,000 Internet-connected devices were used by a group of hackers to attack DNS services as a distributed denial-of-service (DDoS). These devices, mostly routers, printers, and IP cameras, were infected with malware called Mirai, allowing the hackers to take control of those devices and cause outages for major services, like Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud and The New York Times. | ||
|
||
Since the attack, Mirai's source code has been released and revealed how it managed to infect all of these Internet-connected devices. With this knowledge, SparkFun wrote about ["5 Easy Ways to Secure Your IoT Devices"](https://www.sparkfun.com/news/2264). We checked the Tessel 2 against SparkFun's security scorecard to see if an out-of-the-box Tessel is vulnerable to a Mirai-type attack. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mirai's source code has been released and revealed
Link to it
|
||
> The best possible safeguard against hackers is to simply not have the device available for them. | ||
|
||
You may not need to directly unplug your Tessel in order to follow this tip. Instead, you can use Tessel's [network API](https://tessel.gitbooks.io/t2-docs/content/API/Network_API.html#wifi) and control when the board is connected to your network. It could be programmed to disconnect from the network during certain times of day or night, or through some type of hardware control, like a big red button shown in SparkFun's article. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and control
"to control"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It could be programmed
"The Tessel can be programmed"
|
||
> Another interesting aspect of some malware like Mirai is that it only lives in volatile memory (e.g., RAM). That means simply turning off the device and turning it back on again will rid it of the malware | ||
|
||
When you deploy your project to T2's Flash memory, consider including a periodic auto-reboot to clear anything that may have been introduced to RAM. This is easy with the Tessel [power management API](https://tessel.gitbooks.io/t2-docs/content/API/Hardware_API.html#board). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
T2
If you want to call it "T2", then you should define that earlier in the article, otherwise continue calling it "Tessel"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kevinmehall does this clarify:
- Rebooting a Tessel 2 that has an application deployed to Flash memory, which is also writing to the filesystem in the Flash memory is persisted and will not clear those bits
- Rebooting a Tessel 2 that has an application deployed to RAM, which is also writing to the filesystem in RAM, will reset those bits
- Rebooting a Tessel 2 that has an application deployed to Flash memory, but which is writing to RAM (eg.
/tmp/
), will reset those bits located in RAM
|
||
> Seriously, if you do only one thing to secure your device, do this. | ||
|
||
Tessel 2 doesn't come with a default password because of this specific security consideration. Our [provisioning system](https://tessel.gitbooks.io/t2-docs/content/API/CLI.html#lan) is the only way to access the root system of Tessel over a network and requires a physical, USB connection to set up. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tessel 2
Pick one and use it throughout:
- Tessel
- Tessel 2
- T2
|
||
### Update Firmware | ||
|
||
> it won’t be long before we start seeing attacks that target IoT services and open ports as potential means for intrusion |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it won’t be long before we start seeing attacks that target IoT services and open ports as potential means for intrusion
"... it won’t be long before we start seeing attacks that target IoT services and open ports as potential means for intrusion."
- adds elision ellipsis at start
- adds period at end
|
||
> it won’t be long before we start seeing attacks that target IoT services and open ports as potential means for intrusion | ||
|
||
Tessel runs an open-source, embedded Linux distribution called [OpenWRT](https://openwrt.org), an actively maintained projects with frequent updates. We watch for security patches and keep our [version](https://github.com/tessel/openwrt-tessel) updated as needed. Once these updates are released, the [Tessel CLI](https://tessel.gitbooks.io/t2-docs/content/API/CLI.html#how-do-i-know-if-i-need-to-update-my-t2) will automatically inform you when it's available. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
projects
"project"
|
||
Since the attack, Mirai's source code has been released and revealed how it managed to infect all of these Internet-connected devices. With this knowledge, SparkFun wrote about ["5 Easy Ways to Secure Your IoT Devices"](https://www.sparkfun.com/news/2264). We checked the Tessel 2 against SparkFun's security scorecard to see if an out-of-the-box Tessel is vulnerable to a Mirai-type attack. | ||
Since the attack, [Mirai's source code has been released](https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/) and revealed how it managed to infect all of these Internet-connected devices. With this knowledge, SparkFun wrote about ["5 Easy Ways to Secure Your IoT Devices"](https://www.sparkfun.com/news/2264). We checked the Tessel against SparkFun's security scorecard to see if an out-of-the-box Tessel is vulnerable to a Mirai-type attack. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is great! I have a couple of suggestions, but nothing blocking. Thanks for all your hard work on this :)
|
||
### Unplug It | ||
|
||
> The best possible safeguard against hackers is to simply not have the device available for them. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this a quote from Sparkfun's article? Make attribution clear if it is
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Every section contains a quote from the corresponding step in the SparkFun article. Do I add attribution below each of the quotes?
|
||
> Seriously, if you do only one thing to secure your device, do this. | ||
|
||
Tessel doesn't come with a default password because of this specific security consideration. Our [provisioning system](https://tessel.gitbooks.io/t2-docs/content/API/CLI.html#lan) is the only way to access the root system of Tessel over a network and requires a physical, USB connection to set up. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(it also uses RSA rather than password)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good note, will add.
### Update Firmware | ||
|
||
> ... it won’t be long before we start seeing attacks that target IoT services and open ports as potential means for intrusion. | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That section in the T2 CLI docs is really nice, I didn't know we had that! Though it doesn't mention in those docs that it will show up automatically
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I made an issue on that tessel/t2-docs#146
|
||
> Mirai actually did its dirty work by trying to access a device through Telnet or SSH using default credentials. | ||
|
||
We have a commit to our `openwrt-tessel` repo to [disable telnet](https://github.com/tessel/openwrt-tessel/blob/master/files/etc/init.d/telnet). As mentioned before, `ssh` is not disabled but it is only allowed by devices [provisioned with a shared key](https://tessel.gitbooks.io/t2-docs/content/API/CLI.html#lan). The Tessel team is against `ssh` with passwords, which is why we require that shared key creation through `t2-cli` over a physical, USB connection, meaning no root access for rogue, third-party bots scavenging the Internet. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is it important to point to the specific commit? It makes me think it's in a PR and not safe yet.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess I like showing how earlier on this decision was made.
It makes me think it's in a PR and not safe yet.
I don't understand that assumption. I could point to the file itself instead.
Thanks again for the review, @Frijol. I'm going to wait until this t2-docs PR is merged before prepping this to publish. |
I got some initial thoughts down and would love help with the details.