I believe most reason for concern with AIO is that it installs a separate version of ruby, openssl, and other applications and libraries on your system. These need upgrading, just like your system apps/libs, and Puppet may both expose you to different vulnerabilities, since their versions are likely different from your system's, and they may not patch in a timely fashion. If you're on something like Arch Linux, probably a very sensible concern. As you are stuck using EL6 still, it's probably more sensible to use AIO than relying on end-of-support versions of everything from the system, particularly ruby 1.8.7. IMO, your security posture can only improve by using AIO, regardless of what your infosec ninnies say :)
On Wednesday, June 8, 2016 at 5:06:10 AM UTC-4, Matt Larson wrote: > > I did try installing via the PC1 (AIO) repo, and it worked ok for me at > home. But like I said, can't do that at work. > > What is your main concern with AIO? I don't wanna make a bad step here. > At first, AIO sounded scary to me... like some alternative to rpm/yum (in > case of rhel-based distros), but it's still the same packaging mechanism, > just dedicated repos per collective release, yes? > > Thanks for your input, > Matt > > On Friday, June 3, 2016 at 6:10:01 PM UTC-4, jcbollinger wrote: >> >> >> >> On Friday, June 3, 2016 at 1:51:10 PM UTC-5, LinuxDan wrote: >>> >>> First Silly Question: Why ? >>> What do you need to do that cannot be done with the RPM's from a >>> Puppetlabs repo ? >>> >> >> If I were undertaking the exercise, it would be to avoid the AIO >> structure. I may one day undertake that exercise, but until now I have >> instead just avoided upgrading to Puppet 4. >> >> >> John >> >> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/48e9a21e-7cb9-4dc4-9bdb-e4192152edae%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
