8 Apr
2021
8 Apr
'21
7:43 a.m.
On Thu, Apr 01, 2021 at 02:35:32PM -0700, Clark Boylan wrote:
I ended up double checking the mirror node and in mirror.ca-ymq-1.vexxhost.opendev.org:/etc/netplan/50-cloud-init.yaml you can see what we did there. Essentially we set dhcpv6 and accept-ra to false then set an address and routes. We should be able to do the same thing with the new review host if we can't figure anything else out.
So we have a work around in production but also [3] being marked as an open security bug. Are we happy enough ignoring RA's is sufficient to overcome the issues discussed in [3] for this service? The concern mostly seemed to be a targeted MITM attack; something which ssh host keys and SSL certificates should cover? -i