guardian / machine-images

DEPRECATED: Scripts for building machine images (principally AMIs)

Make images public? #7

Open sihil opened 9 years ago

sihil commented 9 years ago

@philwills asked me earlier:

 Rather than share with all our known account numbers, why not just make them public?

I didn't have a compelling answer, so we should definitely consider it.

adamnfish commented 9 years ago

Is it because it makes it obvious what versions of packages Guardian applications are currently running? Not sure this actually matters, but we're going to hear about another SSL vulnerability tomorrow (I gather) which is an example of when it might be helpful for people to not know when we last updated the AMIs / have the ability to take one of our images offline to check for issues at their leisure?

philwills commented 9 years ago

I'm not convinced obscurity helps in that situation. Blanket probes appear to me to be a much more common attack vector, and if you can do that, trying to tailor for a particular site doesn't seem to buy you much.

rich-nguyen commented 9 years ago

@sihil I think this whole repository becomes much more compelling if the images were public.

sihil commented 9 years ago

Interested in why that is @rich-nguyen. The build script currently makes it available for all guardian accounts to use so it doesn't make much difference to us IMHO.

I'd like to understand more about the implications of making it public though. One of the advantages of managing our own images is that they won't randomly disappear as Ubuntu images currently do. I suspect this happens because there are security issues with a given image (due to a package in the AMI). We could manage our own risk and timescales in these scenarios (perhaps detecting the disappearance of an upstream image).

If we were to make our images public, would we be legally liable for any downstream users? How do we announce any terms and conditions or licensing on an image? If there was a security issue, would we be forced to pull it, or at least make it private to guardian AWS accounts again? If so, what are the consequences of not doing so "quickly enough"?

I'd say I'm erring on keeping it public, but if we can clarify the legal position then I'm open to making them public.
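Two of the points above (the build script sharing images with a known set of account numbers, and detecting when an upstream image disappears) are checkable from the EC2 API. The script below is an added example, not code from this repository; it works on dicts shaped like the responses of boto3's `ec2.describe_image_attribute(Attribute="launchPermission")` and `ec2.describe_images`, and the image IDs, account IDs and responses are constructed placeholders so it runs offline. It flags an image as public when EC2 reports a launch permission for the group `all`, lists any account it is shared with that is not on the expected list, and reports expected upstream AMIs that no longer appear.

```python
"""Audit AMI launch permissions and detect vanished upstream images.

Added example (not the repository's own code). Response shapes follow EC2's
DescribeImageAttribute (Attribute=launchPermission) and DescribeImages; all
sample data below is constructed for this example.
"""
from dataclasses import dataclass, field

# EC2 represents "public" as a launch permission granted to the group "all".
PUBLIC_GROUP = "all"


@dataclass
class ShareReport:
    image_id: str
    public: bool
    account_ids: list = field(default_factory=list)
    unexpected_accounts: list = field(default_factory=list)


def audit_launch_permissions(image_id, attribute_response, allowed_accounts):
    """Classify one image's launch permissions.

    attribute_response: dict shaped like boto3's
        ec2.describe_image_attribute(ImageId=image_id, Attribute="launchPermission")
    allowed_accounts: set of 12-digit AWS account IDs expected to have access.
    """
    perms = attribute_response.get("LaunchPermissions", [])
    public = any(p.get("Group") == PUBLIC_GROUP for p in perms)
    accounts = sorted(p["UserId"] for p in perms if "UserId" in p)
    unexpected = sorted(a for a in accounts if a not in allowed_accounts)
    return ShareReport(image_id, public, accounts, unexpected)


def missing_upstream_images(expected_ids, describe_images_response):
    """Return expected upstream AMI IDs absent from a DescribeImages response.

    An upstream image that has been withdrawn (for example because of a
    vulnerable package) simply stops appearing in DescribeImages results.
    """
    present = {img["ImageId"] for img in describe_images_response.get("Images", [])}
    return sorted(i for i in expected_ids if i not in present)


# Constructed sample data: placeholder IDs, not real images or accounts.
ALLOWED_ACCOUNTS = {"111111111111", "222222222222"}
SAMPLE_ATTRIBUTES = {
    "ami-example-shared": {
        "LaunchPermissions": [{"UserId": "111111111111"}, {"UserId": "222222222222"}]
    },
    "ami-example-public": {"LaunchPermissions": [{"Group": "all"}]},
    "ami-example-unexpected": {
        "LaunchPermissions": [{"UserId": "111111111111"}, {"UserId": "999999999999"}]
    },
}
EXPECTED_UPSTREAM = ["ami-upstream-present", "ami-upstream-gone"]
SAMPLE_DESCRIBE_IMAGES = {
    "Images": [{"ImageId": "ami-upstream-present", "Name": "constructed-upstream-base"}]
}


def run_audit():
    """Run both checks over the constructed data; returns (reports, missing)."""
    reports = {
        iid: audit_launch_permissions(iid, resp, ALLOWED_ACCOUNTS)
        for iid, resp in SAMPLE_ATTRIBUTES.items()
    }
    missing = missing_upstream_images(EXPECTED_UPSTREAM, SAMPLE_DESCRIBE_IMAGES)
    return reports, missing


if __name__ == "__main__":
    reports, missing = run_audit()
    for r in reports.values():
        status = "PUBLIC" if r.public else "shared with %d account(s)" % len(r.account_ids)
        print("%s: %s; unexpected accounts: %s" % (r.image_id, status, r.unexpected_accounts))
    print("upstream images no longer listed: %s" % missing)
```

In real use the two response dicts come straight from boto3 (`describe_image_attribute` per image you own, `describe_images` with `ImageIds` set to the upstream IDs you build from); running the audit on a schedule turns both "is anything public that shouldn't be" and "has our upstream base vanished" into alerts rather than surprises.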

cb372 commented 9 years ago

 Is it because it makes it obvious what versions of packages Guardian applications are currently running?

Just to point out the obvious, this GitHub repo is public, so anybody who's interested can make an educated guess at what versions of software we are running anyway :)