https://bugzilla.wikimedia.org/show_bug.cgi?id=50920
Web browser: ---
Bug ID: 50920
Summary: Bundle a pre-configured PuTTY
Product: Tools
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: MediaWiki-Vagrant
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Classification: Unclassified
Mobile Platform: ---
PuTTY is available as a single, standalone .exe file, 472 KB in size.
Jakub Kotrla's set of patches (available at http://jakub.kotrla.net/putty/)
make PuTTY read session configurations from disk rather than the Windows
Registry.
Because of this, and because the purpose of the machine is to provide a
lightweight, disposable development environment, the VM itself can be
configured quite insecurely.
Vagrant installations use a common, generic private/public key pair for SSH
access. (Remember that the Vagrant VM is networked via a private, virtual
ethernet interface that links it exclusively to the host, which is why this is
OK.) Because that's the case, the integrity of PuTTY isn't much of a concern.
We just have to make it clear that the bundled PuTTY is insecure by design and
inappropriate for any uses other than Vagrant. If we were really worried about
this we could build our own crippled executable.
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
