Re: Debian as Software Appliance
On Sat, Sep 17, 2011 at 4:35 PM, Neil Williams wrote:
> Just one little proviso on that: Plenty of devices which could use
> Debian and many that already do use Debian provide absolutely no
> connectivity outside the device and most of those are single-user
> machines.
...
> It is always worth reminding people about security though, who knows
> what hardware upgrades someone will specify for version2 of such
> devices....
Given their mention of Apache and LDAP I assumed this would be one of
those network-facing software appliances that would be run in a VM or
on any regular PC or server, not on the kind of devices Emdebian is
used to dealing with. Thanks for your mail though, it was interesting
to learn some more about the use-cases for Emdebian, a blog post about
that would be good.
One other thing I forgot to mention: ensure that you don't store any
SSH/SSL or other private keys for encryption in the generic image.
Private keys for encryption should always be created on a per-instance
basis. Unfortunately this is a pretty common problem for pre-generated
system images; especially for cloud/IaaS/PaaS and similar. I've also
seen it happen in the mobile space; some distributions for the
OpenMoko FreeRunner do this.
--
bye,
pabs
http://wiki.debian.org/PaulWise
Reply to: