A year ago or so I tried to install dcos and test it a bit. What stuck 
with me the most of this test, was that I got a shell script with a blob 
inside, that I guess, would be dd'ed to a block device. 

I take it in this blob are some default 'tools' like the kernel, shell 
scripts, netfilter stuff, bridge tools, java etc.

What I totally do not like about that is:

- how do I know dcos is updating these binaries on time?
- how do I know dcos is monitoring security updates on these tools and 
applies them on time?
- how do I know the tools have not been 'infected' by malware when dcos 
is packaging them?
  (I know it is far-fetched, but still you do hear about development 
environments being hacked)

E.g. mesosphere has around 300 vs the 12000 employees of RedHat, and 
RedHat has made a core business of maintaining its Enterprise linux.
If you want to distribute a blob, why not then a rhel or centos one (eg 
like Nutanix does). And create custom dcos rpms. This way you can give 
clients the option to install your blob or only some specific dcos rpms. 
This way clients can have some guarantee that the os is secured via their 
license subscription with RedHat.

