Policy suggestion for charm store regarding config.yaml and passwords...
clint at ubuntu.com
Tue Mar 20 06:44:29 UTC 2012
I'd like to suggest that we add another restriction for charm store
inclusion, and wanted to ask for greater feedback on it.
I've seen a number of charms which have a default password in config.yaml.
This seems like a recipe for disaster, as the popularity of juju will
mean bots setup to take advantage of default passwords.
So, I'd like to suggest that we explicitly state that this is not allowed,
and fix all the current one.
"Charm configs or the services they expose must not include default passwords."
More information about the Juju