Code review comment for lp:~hazmat/pyjuju/states-with-principals

Revision history for this message
Gustavo Niemeyer (niemeyer) wrote :

On Wed, Apr 4, 2012 at 15:43, Clint Byrum <email address hidden> wrote:
> I think they are equally serious, and adoption will suffer on the
backend
> (as people get more serious) if the security is not handled. One side
of
> me says we should at least ship an insecure toy, so that people can
try
> it out. But the other hand says we already did that in 11.10, and
doing
> so again would only waste peoples' time who are actively looking to
deploy
> with juju. Perhaps its better that we ship secure with bugs than
insecure
> with less bugs, and push hard to fix those problems as they are found.

This was a great topic for us to have had at the last UDS. It's now
time to ship 12.04, which was supposed to be a stable release, in my
humble opinion.

> Perhaps we can defer the large impact that this work carries until
> after 12.04 releases, and instead focus on just fixing the "wide open
> zookeeper" problem with a minimal patch that just adds a basic ACL
like
> "anonymous can't do anything", and be able to pass generated
credentials
> to each node?

That sounds less complex and thus preferable as an entry point. It was
once the whole point of that never-used admin-secret setting, by the
way.

That said, I'd still postpone that to 12.04.1. It's time to stop
changing
juju and preparing for an actual release. I can use juju in EC2 knowing
zookeeper is open. I won't use juju anywhere if it breaks all the time.

https://codereview.appspot.com/5966076/

« Back to merge proposal