On 2011-02-25 00:23, Nigel Kersten wrote:

> On Thu, Feb 24, 2011 at 3:05 PM, Thomas Bellman <[email protected]> wrote:

>> So if you
>> *do* have different plugins in different environments, and those
>> contain secrets the wrong client must not know, then I believe you
>> *are* screwed, because I don't think there is any workaround for
>> that.  (Except actually fixing bug 3910 properly, by running the
>> external node classifier for each and every client request...)

>> Am I missing something?

> No, I think we were just talking about different aspects of this thread.

> Do you really have "secrets" in your plugins though? That feels like a
> design smell somehow.

*I* don't.  Anything that I can't publish for the entire world goes
into a file-server module named "private", which serves host-specific
files, including various passwords and private keys.

But I can't vouch for what anyone else does.  And it depends on what
your standards for what should be kept secret are.  For example, any
plugin that is not super-trivial is likely protected by copyright, and
you might not have the license to show that to all your clients.

Also, specialized facts, types, providers and functions can reveal
things about your, or your clients', organizations.  If you have a
plugin for managing ACME bluetooth-controlled explosive tennis balls,
then someone seeing that plugin might A) guess that Wile E Coyote is
another of your clients, and B) suspect that Mr. Coyote is planning
to use that kind of device.

Just the information about which companies one has business dealings
with is considered sensitive information by some.


        /Bellman
