
Chef-sugar stands its grounds against ICE contract - thiefmeister
https://github.com/igolman/chef-sugar
======
thiefmeister
They have some update. (looks like they are backtracking their original
statement.)

[https://blog.chef.io/2019/09/23/an-important-update-from-
che...](https://blog.chef.io/2019/09/23/an-important-update-from-chef/)

------
montypythonxxx
Chef's official stance remains unchanged. Their blogpost:
[https://blog.chef.io/2019/09/19/chefs-position-on-
customer-e...](https://blog.chef.io/2019/09/19/chefs-position-on-customer-
engagement-in-the-public-and-private-sectors)

~~~
pnako
> For context, we began working with DHS-ICE during the previous
> administration

That should have been Chef's only response, really. (That, and they still need
to explain how a former developer somehow managed to break something.)

~~~
LIV2
The most depressing part is that people will only care about what ICE are
doing until the next election

------
pnako
> Earlier today, a former Chef employee removed several Ruby Gems, impacting
> production systems for a number of our customers.

That's some horrendous infosec. Why would ICE or anyone use this? Can't Chef
use, err, Chef or something like that to remove all credentials as soon as
employees leave the organization?

~~~
mwarkentin
It was his own gem, hosted under his own account, not Chef's. It's apparently
just relied on by almost the entire Chef ecosystem, including Chef's own
systems.

------
thiefmeister
Quite rare to find projects standing its own ground .

