Code review comment for lp:~hazmat/pyjuju/states-with-principals

Clint Byrum (clint-fewbar) wrote :

Excerpts from Gustavo Niemeyer's message of Wed Apr 04 17:52:20 UTC 2012:
> On 2012/04/04 17:43:36, hazmat wrote:
> > The mir failed in part because of lack of appropriate security, and
> > the security concerns remain an issue to adoption.
>
> A broken implementation is a much more serious concern for adoption.
>

I think they are equally serious, and adoption will suffer on the backend
(as people get more serious) if the security is not handled. One side of
me says we should at least ship an insecure toy, so that people can try
it out. But the other hand says we already did that in 11.10, and doing
so again would only waste the time of people who are actively looking to deploy
with juju. Perhaps it's better that we ship secure with bugs than insecure
with fewer bugs, and push hard to fix those problems as they are found.

> > for reference this was the original spec
>
> https://code.launchpad.net/%7Ehazmat/juju/security-specification/+merge/63921
>
> "Needs Fixing on 2011-06-09"
>
> > what I'm asking for is direction wrt your comments.. I've updated
> > the security branches and cleaned them up. If you'd like me to bring it up
> > on list, I'm happy to push the spec there. If it's something that should
> > be dropped.. well then pls say that.. at this point clearly I'm not too
> > concerned about wasting time and effort on dead code.
>
> Do you want me to say one more time? Sure: I think it is a bad idea to
> be merging massive changes for 12.04 at this stage. I would not do it. I
> would not be merging all those significant changes right before a
> release. It's supposed to be stable. Let's please not ship crack in
> 12.04.
>

I agree, I have been hoping we can take a mitigation strategy with some
lighter-weight methods for the impending release. While it's clear we're
not going to be in main, we should not ship something in universe or in
our PPA that will expose users to security problems in a non-obvious way.

The problems in the late-landing features in the version we shipped for
11.10 should have taught us that we should really respect feature freeze
and spend that time testing rather than refactoring or adding on.

Perhaps we can defer the large impact that this work carries until
after 12.04 releases, and instead focus on just fixing the "wide open
zookeeper" problem with a minimal patch that just adds a basic ACL like
"anonymous can't do anything", and be able to pass generated credentials
to each node?

This would go a long way to making this version of juju safe for
production use, which will go a long way to people using and contributing
charms. Then we can look at shipping something either in an SRU if it
is appropriate for that, or if it breaks behavior, in a new "stable"
PPA for 12.04 users.
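To make the minimal mitigation Clint proposes concrete, here is an added example (not code from the juju project or from anyone in this thread) showing the difference between ZooKeeper's wide-open default ACL and a locked-down ACL that omits `world:anyone` entirely and grants access only to per-node generated `digest` credentials. The permission bit values and the `user:base64(sha1(user:password))` digest id form are ZooKeeper's own; the node names, the `permitted` evaluator and all other function names are assumptions made for this illustration, and no ZooKeeper server is contacted.

```python
import base64
import hashlib
import secrets

# ZooKeeper permission bits (as defined in ZooDefs.Perms).
READ, WRITE, CREATE, DELETE, ADMIN = 1, 2, 4, 8, 16
ALL = READ | WRITE | CREATE | DELETE | ADMIN

# ZooKeeper's default: anyone who can reach the port can do anything.
OPEN_ACL_UNSAFE = [{"scheme": "world", "id": "anyone", "perms": ALL}]


def digest_id(user: str, password: str) -> str:
    """ACL id for ZooKeeper's 'digest' scheme: user:base64(sha1("user:password")).

    Only this hash goes into the ACL; the plaintext password is handed to the node.
    """
    raw = hashlib.sha1(f"{user}:{password}".encode()).digest()
    return f"{user}:{base64.b64encode(raw).decode()}"


def generate_node_credentials(node_name: str) -> tuple[str, str]:
    """Hypothetical helper: mint a random password for one node (constructed example)."""
    return node_name, secrets.token_urlsafe(24)


def locked_down_acl(credentials: list[tuple[str, str]]) -> list[dict]:
    """Build an ACL with no world:anyone entry, so anonymous clients get nothing.

    Each node gets full permissions under its own digest identity; narrowing
    perms per node would be the next step, but this is the minimal patch.
    """
    return [
        {"scheme": "digest", "id": digest_id(user, password), "perms": ALL}
        for user, password in credentials
    ]


def permitted(acl: list[dict], scheme: str, id_: str, perm: int) -> bool:
    """Minimal evaluator mirroring ZooKeeper's check for the 'world' and 'digest' schemes.

    A world:anyone entry matches every requester; a digest entry matches only a
    requester that authenticated with the same user and password.
    """
    for entry in acl:
        if entry["scheme"] == "world" and entry["id"] == "anyone":
            if entry["perms"] & perm:
                return True
        elif entry["scheme"] == scheme and entry["id"] == id_:
            if entry["perms"] & perm:
                return True
    return False


def anonymous_can_read(acl: list[dict]) -> bool:
    """The property the mitigation is meant to guarantee is False."""
    return permitted(acl, "world", "anyone", READ)


if __name__ == "__main__":
    # Constructed deployment: two machine agents, each with its own credentials.
    creds = [generate_node_credentials("machine-0"), generate_node_credentials("machine-1")]
    acl = locked_down_acl(creds)
    print("default ACL lets anonymous read:", anonymous_can_read(OPEN_ACL_UNSAFE))
    print("locked ACL lets anonymous read:", anonymous_can_read(acl))
    user, password = creds[0]
    print("machine-0 with its own password:", permitted(acl, "digest", digest_id(user, password), WRITE))
    print("machine-0 with a wrong password:", permitted(acl, "digest", digest_id(user, "guess"), WRITE))
```

The design point is that the ACL stores only the SHA-1 digest, so the generated plaintext must be delivered to each node out of band (for example in its provisioning data), and a node that never received credentials simply cannot touch the tree.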
