Sat Jul 2 12:18:13 EDT 2016

distribution & ssh

I really want distribution, and I really don't want to put security at
a host boundary, but it seems that this is a "pick one" problem.

So I either figure out a way to bring this to user level, or learn to
live with host boundaries.  Looking into the future, host boundaries
are likely becoming more prominent, and looking at the security
landscape, local escalation is too hard to prevent.

Everyone else is aiming at host boundaries and remote security, why am
I insisting on user boundaries?

Current stance: improve host-level security by eliminating web, email
attack vectors into local code execution.