On Sat, Feb 15, 2014 at 12:42 PM, John Kinsella <j...@stratosec.co> wrote: > Interesting idea...I wouldn't use it but I wish you good luck in your > journey. ;) As Alex mentioned, would be curious to see the demand. >
I think its interesting. Currently all of the CMPs seem targeted for Linux. There is a massive world out there that doesn't use Linux - that said, I am not sure how applicable the entire IaaS-thing is to folks like that. > I try to avoid cygwin in production environments...it's great for desktops, > but just feels like a hack for production use, IMHO. > > The ssh part caught my attention, as that affects the security of the > secondary storage VM. > > Putty doesn't really want to be used for command-line key generation[1]. > > Take a look at libssh[2] - from a glance, that looks like it might be the > best approach. > > I'd recommend against taking crypto code from another project and adding into > ACS - at that point we have to monitor the origin project for patches and > apply as appropriate. > Please consider this a preemptive veto for anything that involves bundling crypto code from another project into our codebase. OK to use them as libraries, but putting their source in our repo is untenable in my opinion, not least because of the issues around compliance with export regulations around cryptography.
