Policy suggestion for charm store regarding config.yaml and passwords...
Mark Shuttleworth
mark at ubuntu.com
Tue Mar 20 07:28:11 UTC 2012
On 20/03/12 06:44, Clint Byrum wrote:
> I'd like to suggest that we add another restriction for charm store
> inclusion, and wanted to ask for greater feedback on it.
>
> I've seen a number of charms which have a default password in config.yaml.
>
> This seems like a recipe for disaster, as the popularity of juju will
> mean bots setup to take advantage of default passwords.
>
> So, I'd like to suggest that we explicitly state that this is not allowed,
> and fix all the current one.
>
+1. Would it be worth having a mechanism to create passwords during
installation and securely send them back to the place the deployment was
invoked? So, say I deploy MySQL and in the process it generates a
password for the admin user, that password is then in something like
.juju/environments/passwd as service:name:DSsadasdeaEWEAsad? On the
desktop we have a keychain that would be relevant, but I'm not sure what
the server equivalent is.
Mark
More information about the Juju
mailing list