Closed ayufan closed 4 years ago
ayufan: thank you for pointing these out! They are fixed in the next release, will leave open until I can get that pushed
Yes, but how you ensure that there are fixed in any future release? :)
Do you have checklist of items to validate before pushing images?
Yes :) And I have added the ssh clear and regen into the boot script to run only on first boot.
Resolved in latest release
It seems that images do ship a number of data that should not be part of:
/var/log
files.At least the 1. can be considered a security issue and bad practice: https://missingm.co/2013/07/identical-droplets-in-the-digitalocean-regenerate-your-ubuntu-ssh-host-keys-now/ and https://blog.digitalocean.com/avoid-duplicate-ssh-host-keys/.
I also wonder if images were trimmed.