jimmykarily
commented
3 months ago Crazy idea (?) : implement a very lightweight editor in kairos-agent and get rid of all others.
Open mauromorales opened 3 months ago
jimmykarily
commented
3 months ago Crazy idea (?) : implement a very lightweight editor in kairos-agent and get rid of all others.
jimmykarily
commented
3 months ago @antongisli how important is this? I mean, is there a security audit or something that needs this to be addressed?
antongisli
commented
3 months ago There should be an option to have NO editor. Production systems should not have editors on them, period. I understand for development it's useful, but once design is finished, those systems should be hardened. No audit - just security best practice and pretty much what any vendor does for edge devices
When a user with BYOI passes their base image through the factory, we should only install packages required by kairos to function. No "extras" should be added like nano, vim, or anything else that the user did not request.
IMO we should split
images/Dockerfile.ubuntuinto something likeimages/Dockerfile.ubuntu-factoryandimages/Dockerfile.ubuntu-base(or a better name) where the former only contains packages that are required to convert any image into a Kairos distro, while the latter will be used as--BASE_IMAGE=ubuntu-base.