Hello Folks,
I support keeping any additional security on my default. I would alctually
support having more security enabled by default in any cloud image since it
is most likely sitting on top of an environment you don't directly manage
(Amazon EC2).
Would it make more since to trigger an additional configuration dialog that
would help with fine-grained configuration of the images security features.
This could be a script based config triggered after Anaconda finished.
I know this would be yet another feature to develop and implement, but I
would prefer to have a cloud image "locked down" as much as possible by
default, but make it as simple as possible for a novice to disable features
they may not need.
This is a good debate though.
Wilbur
On Wednesday, September 11, 2013, Dennis Gilmore wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
El Tue, 10 Sep 2013 23:36:01 -0400 (EDT)
Sam Kottler <skottler(a)redhat.com <javascript:;>> escribió:
> Greetings,
>
> Given the deny-by-default nature of security groups I think it makes
> sense to disable firewalld in the AMI's. I haven't seen any other
> AMI's that have a firewall enabled by default and we probably
> shouldn't break that pattern IMO.
>
> Thoughts?
Lets not, for one the image in EC2 is exactly the same image we make
available for download in any and every cloud provider or for use on
your local machine with a suitable local metadata service provider.
use in EC2 is only a portion of the use of the image.
Dennis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (GNU/Linux)
iEYEARECAAYFAlIwre4ACgkQkSxm47BaWfd//wCfbqOfJn2M8CKjcHCiLRd+9TsR
YvoAnRDY4/1A5bCONiR+QlVyHIVNyFs0
=3Pzs
-----END PGP SIGNATURE-----
_______________________________________________
cloud mailing list
cloud(a)lists.fedoraproject.org <javascript:;>
https://admin.fedoraproject.org/mailman/listinfo/cloud
Fedora Code of Conduct:
http://fedoraproject.org/code-of-conduct
--
Wilbur K. Smith
wilbur.k.smith(a)gmail.com