CFEngine Help: Re: Master to client security, signing?

2011-12-28 Thread no-reply
Forum: CFEngine Help Subject: Re: Master to client security, signing? Author: neilhwatson Link to topic: https://cfengine.com/forum/read.php?3,24394,24437#msg-24437 Every system I can think of will have a point of failure somewhere. Defense in depth is the correct approach. Each client or poli

Re: Master to client security, signing?

2011-12-28 Thread Mark Burgess
On 12/28/2011 05:12 PM, Michael Gliwinski wrote: > On Wednesday 28 Dec 2011 14:07:30 Nick Anderson wrote: >> On 12/28/2011 07:13 AM, Michael Gliwinski wrote: >>> Another option which I'm considering now is to let managed nodes pull >>> from VCS directly into their own masterfiles and change policy

Re: Master to client security, signing?

2011-12-28 Thread Nick Anderson
On 12/28/2011 10:12 AM, Michael Gliwinski wrote: > Wouldn't that also be a problem for single cfengine "master" server (i.e. cf- > serverd)? Yes it would, but the nature of cfengine makes it easy to have multiple masters, having multiple replica version control servers usually isn't so easy. Jus

Re: Master to client security, signing?

2011-12-28 Thread Michael Gliwinski
On Wednesday 28 Dec 2011 14:07:30 Nick Anderson wrote: > On 12/28/2011 07:13 AM, Michael Gliwinski wrote: > > Another option which I'm considering now is to let managed nodes pull > > from VCS directly into their own masterfiles and change policy in > > update.cf to just copy locally into inputs/ m

Re: Master to client security, signing?

2011-12-28 Thread Nick Anderson
On 12/28/2011 07:13 AM, Michael Gliwinski wrote: > Hi, new to cfengine, so correct me if I'm talking nonsense. > Another option which I'm considering now is to let managed nodes pull from > VCS > directly into their own masterfiles and change policy in update.cf to just > copy locally into inpu

CFEngine Help: Re: SVN tricks

2011-12-28 Thread no-reply
Forum: CFEngine Help Subject: Re: SVN tricks Author: seanx Link to topic: https://cfengine.com/forum/read.php?3,24395,24432#msg-24432 I have just joined and I hope I will learn a lot of new information here. I admire the valuable information you offered in your article. Excellent submission very

Re: Master to client security, signing?

2011-12-28 Thread Michael Gliwinski
On Thursday 22 Dec 2011 20:51:51 Christopher Browne wrote: > On Thu, Dec 22, 2011 at 2:20 PM, Mark Burgess wrote: > > I like your analogy of the poisoned stream.? :-)? However, taking over a > > properly maintained signature is a much smaller vector than gaining > > access to the headwaters (espec