Eric Windisch wrote: > Unfortunately, this won't be the end of vulnerabilities coming from this > "feature".
Indeed. I would like to see evil file injection die, and be replaced by cloud-init / config-drive. That's the safest way. If we can't totally get rid of file injection, I'd like it to be a clear second-class citizen that you should enable only if you absolutely need it. The first step towards that shinier future is to have a very solid and featureful config-drive implementation, which I hope Michael can complete in time for Folsom. Then maybe we can convert more people to a view of the world where direct file injection is not useful and should only be enabled as a last resort. -- Thierry Carrez (ttx) Release Manager, OpenStack _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
