Comment on Anyone Can Push Updates to the DOGE.gov Website
homesweethomeMrL@lemmy.world 6 days agoMost websites run off of a server. They’re just using a “repeater” (CloudFlare Pages) to serve directly off of their Github or whatever which is sort of top-shelf slapdashery.
Not serious. Not competent.
sugar_in_your_tea@sh.itjust.works 6 days ago
What’s sloppy about it? Plenty of blogs and other static sites work that way. In fact, that’s largely how we do deployments at my company, we merge to a special branch and it triggers a deployment.
homesweethomeMrL@lemmy.world 6 days ago
Well, it’s sloppy for a government website. This is not a private enterprise running out of someone’s garage. There’s many reasons why that should not be an acceptable paradigm for posting government information.
If you’re running a sandwich shop or a metal working shop, posting your phone number and address through CloudFlare Pages is probably fine.
sugar_in_your_tea@sh.itjust.works 6 days ago
Neither is the company I work for. We’re not Amazon, but we handle billions of revenue, our users have very high risk jobs, and they are using our software more and more to do these high risk jobs. We have a lot of controls about how things get released (QA team, and every change is tested before and after deployment), we just use our source control to handle the actual deployment.
Whether it’s sloppy depends on their processes (i.e. who validates the change?), not the tools they use.
We don’t use Cloudflare Pages, but we do use automatic deployments, and pretty much anyone on the team can submit a change for deployment. It’ll get reviewed before going live, but that’s a limitation we’ve placed on the tools and process.
homesweethomeMrL@lemmy.world 6 days ago
No doubt your company has more invested in the domain name than a pointer to pages.dev, as well.
Do we think doge.gov has a QA group? Do we think there’s more than two people who review changes? Or that they even review changes at all?
The setup your company has and what this appears to be (it’s true, this is speculation) is probably vastly more than just “we both use git to manage production pushes”. I’d bet you company has spent a fair number of years getting to this point, and doge.gov has not even secured a proper certificate while suggesting they’re competent to handle the entire financial information of the United States Government.
criss_cross@lemmy.world 6 days ago
Yeah I think the static page thing was just there to illustrate how the coders reverse engineered the api and saw what was getting called.
I agree static content alone on CF isn’t “bad”. This perfectly illustrates why you have to have your API shit together when you go with this approach.