Re: running cfengine across firewall

[Christian Pearce]

I would say it is FUD mainly.  Most network administrators are familiar
with SSH at this point.  But cfengine is a completely different software
package that they don't know and don't trust.

We should come up with a document that explains the risks and compares
them to SSH.  And put together different use case scenarios.

Sounds like something that could be wiki'd up.

On Mon, 2005-01-31 at 02:38, Mark.Burgess@iu.hio.no wrote:
> I know that many folks think like this -- is it safe to open
> your firewall? But do you have any reason that your firewall
> software has any fewer bugs than cfengine might have? ;)
> 
> Ask youself *why* you don't want to open your firewall.
> 
> Mark
> 
> On 31 Jan, Tim Nelson wrote:
> > On Sun, 30 Jan 2005, Russell Adams wrote:
> > 
> >> Perhaps we should compare notes. ;]
> >>
> >> Then again, I should clarify. I only use rsync/ssh to transfer data
> >> back from my hosts, not to copy to them.
> >>
> >> Updates via rsync/ssh is a push type of solution, which I experimented
> >> with only briefly. I preferred pull vs push, and worked out another
> >> method using signed, per-host tarballs on a webserver.
> > 
> >     I agree that pull is better, but I didn't want to open my firewall 
> > :).  So I used push in this one case.
> > 
> >     :)
> > 
> 
> 
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
> Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://lists.gnu.org/mailman/listinfo/help-cfengine
-- 
Christian Pearce
http://www.commnav.com
http://www.perfectorder.com