The security of the puppetmaster is, indeed, important, although to varying degrees depending on the details of the implementation.
However, puppet itself does not manage modifications to the manifests on the masters - that's up to the implementation. I don't think it's inherently any safer to create 100's of points that must be secured (agents) rather than few (masters), so I disagree with the implication that masters should not be used because they are (if not properly configured) insecure. Another thing to consider here is when agents have different trust levels. If you send your manifests and secrets to every agent, then any agent can impersonate any other agent. At any rate, since you've brought this to puppet-dev, is there a specific change that you're recommending to puppet itself? Dustin -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-dev. For more options, visit https://groups.google.com/groups/opt_out.
