Next steps with new review server

Ian Wienand iwienand at redhat.com
Thu Apr 8 05:43:33 UTC 2021


On Thu, Apr 01, 2021 at 02:35:32PM -0700, Clark Boylan wrote:
> I ended up double checking the mirror node and in
> mirror.ca-ymq-1.vexxhost.opendev.org:/etc/netplan/50-cloud-init.yaml
> you can see what we did there. Essentially we set dhcpv6 and
> accept-ra to false then set an address and routes. We should be able
> to do the same thing with the new review host if we can't figure
> anything else out.

> [3] https://launchpad.net/bugs/1844712

So we have a work around in production but also [3] being marked as an
open security bug.

Are we happy enough ignoring RA's is sufficient to overcome the issues
discussed in [3] for this service?  The concern mostly seemed to be a
targeted MITM attack; something which ssh host keys and SSL
certificates should cover?

-i




More information about the service-discuss mailing list