On Mon, Jul 02, 2012 at 10:13:51PM +0200, Jan Ivar Beddari wrote: > On 02. juli 2012 17:26, Darryl Wisneski wrote: > > > > Regards, > > -dkw > > Ouch, sorry Darryl, I hit the wrong button and posted what I thought of > as a private veeeeery quick reply to you .. right on the list.
Jan: I too am sorry I stole the thread. I had best intentions, alas I got carried away. I am interested in learning how you structured your hiera data and dealt with puppet code with the use of no/limited facts. The security point is well taken. At some point though, there has to be trust (obviously). General security best-practice considers mitigating procedures (such as IDS, file integrity monitoring (aide), and regular patching) your best attempt to avoid placing too much trust in the management tool. Regards, -dkw > > Now at least everyone sees my honest-to-god thoughts on the matter. And > the scope of the message becomes a bit more broad. Might even be worth > starting a new thread. > > To the OP, sorry for being such a thread crasher. As to your question I > think the answers you got are OK but hopefully you understand what > caveats there might be security-wise. > > best, > Jan Ivar > > -- > http://www.uib.no/personer/Jan.Ivar.Beddari > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.