Open stub42 opened 8 years ago
I've got some prelim code to wrap the services in charms. I should be able to switch back to this next week and land this. I'll get everything together and coordinate with @marcoceppi to do a launch during off-peak hours.
Are there plans to fix this soon? Seems pretty serious, considering that charm hooks run as root. Can we get Let's Encrypt set up on whatever machine is hosting this site?
@cmars there is, sorry I'm booked solid with demo prep, and the last few months have been hectic. The last deploy as a charm went sideways and i haven't picked it back up sicne. I'll move this behind traefik with automagic letsencrypt support. sound good? Give me a few more days to let the dust settle. Nobody else has stepped up to even tackle the issue comments yet.. and I apologize for the length of time it's taken to complete this line item, its up there but not the #1 burning fire for my team at the moment.
'charm build' looks up layers and interfaces using plain HTTP from http://interfaces.juju.solutions, and is subject to various attacks potentially injecting malicious code into generated charms.