csteipp added a comment. Only thing left here is,
> Since we know that we're running a more risky environment than most > Blazegraph users, it would be nice if we could ensure that if it's > compromised, the attacker can't start attacking the cluster. @Joe, I know ops > isn't too fond of creating many new subnets for our services, but since we're > starting from scratch, is this a case where we can put the boxes on a > dedicated subnet and make sure the other mediawiki infrastructure isn't > directly routable from there? @Joe / @MoritzMuehlenhoff, is this possible? Or are you comfortable with the setup we have now? TASK DETAIL https://phabricator.wikimedia.org/T90115 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: csteipp Cc: MoritzMuehlenhoff, GWicke, Thompsonbry.systap, Smalyshev, Joe, Liuxinyu970226, csteipp, Beebs.systap, Haasepeter, Aklapper, Manybubbles, jkroll, Wikidata-bugs, Jdouglas, aude, daniel, JanZerebecki, Krenair _______________________________________________ Wikidata-bugs mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
