[ale] Containers... use?

Jim Kinney jim.kinney at gmail.com
Tue Sep 19 13:42:27 EDT 2017


SWEET! 
LDAP auth means my IPA process can be used to further brutalize, er,
um, manage user access to specialty locations as required.
On Tue, 2017-09-19 at 13:24 -0400, Niel Bornstein wrote:
> I'll also put this right here:
> 
> http://port.us.org/
> 
> On 09/19/2017 11:25 AM, Jerald Sheets wrote:
> > That’s what Jim and I were bantering about.  There’s “DockerHub”
> > which
> > provides baked images, and there are several official ones from the
> > vendors there.  You can also have your own space (a lot like
> > GitHub)
> > where you curate and manage your own images, and reference those
> > directly instead of the publicly managed ones by “God knows who”…
> > 
> > Check it out.
> > 
> > https://hub.docker.com/
> > 
> > 
> > —jms
> > 
> > 
> > > On Sep 19, 2017, at 9:57 AM, Jeff Hubbs <jhubbslist at att.net
> > > <mailto:jhubbslist at att.net>> wrote:
> > > 
> > > I was referring to the first one. I'm trying to get used to the
> > > notion
> > > of a package management system that runs underneath or beside the
> > > operating system's.
> > > 
> > > On 9/18/17 5:25 PM, lnxgnome wrote:
> > > > Jeff,
> > > > 
> > > >   Are you asking about Anaconda https://www.anaconda.com/ or
> > > > Anaconda
> > > > https://fedoraproject.org/wiki/Anaconda ?
> > > > 
> > > >   For the first, there is...
> > > > https://github.com/ContinuumIO/docker-images/tree/master/anacon
> > > > da
> > > >   For the second, there is...
> > > > http://atodorov.org/blog/2015/10/28/building-docker-images-with
> > > > -anaconda/
> > > > 
> > > > 
> > > > On 20170918 12:49 PM, Jeff Hubbs wrote:
> > > > > Can someone help characterize for me how Anaconda fits into
> > > > > this
> > > > > whole container business?
> > > > > 
> > > > > On 9/18/17 11:52 AM, Jim Kinney wrote:
> > > > > > I'm very close to the point of isolating my docker junkies
> > > > > > in every
> > > > > > possible way and letting their stuff get broken into. That
> > > > > > will be
> > > > > > the only way to get the political leverage to be able tell
> > > > > > a PhD
> > > > > > faculty "NO. It ALL runs through me and upstream university
> > > > > > security. No exception."
> > > > > > 
> > > > > > On September 18, 2017 9:34:37 AM EDT, Solomon Peachy
> > > > > > <pizza at shaftnet.org> wrote:
> > > > > > 
> > > > > >     On Mon, Sep 18, 2017 at 09:18:46AM -0400, Jerald Sheets
> > > > > > wrote:
> > > > > > 
> > > > > >         All containers should be curated by Systems. The
> > > > > > Developers
> > > > > >         should submit them for security scanning, or you
> > > > > > should
> > > > > >         employ a DevSecOps model for deployment. i.e.,
> > > > > > federate
> > > > > >         security scanning by providing OS, App, transport,
> > > > > >         penetration, and network security testing as APIs
> > > > > > that devs
> > > > > >         can leverage instead of leaving them to security.
> > > > > > Left to
> > > > > >         their own devices, unreasonable deploy timelines
> > > > > > set for
> > > > > >         them, and golf-playing pointy-hairs with
> > > > > > unreasonable ship
> > > > > >         date requirements, it’ll never happen. 
> > > > > > 
> > > > > > 
> > > > > >         This should all be automated and part of a security
> > > > > > CI/CD
> > > > > >         pipeline without which a “pass” from the security
> > > > > > field,
> > > > > >         cannot ever be deployed into production. This is
> > > > > > how we do it. 
> > > > > > 
> > > > > > 
> > > > > >     The unspoken assumption here is that your needs are
> > > > > > sufficient to make 
> > > > > >     this (completely necessary!) administrative overhead
> > > > > > worthwhile.  
> > > > > > 
> > > > > >     Unfortunately, much like VMs before, most shops just
> > > > > > "download an image" 
> > > > > >     from the likes of DockerHub and then deploy it, with no
> > > > > > real thought
> > > > > >     towards ongoing maintainence or security
> > > > > > concerns.  Because those cost
> > > > > >     time/effort -- and therefore and money.
> > > > > > 
> > > > > >      - Solomon </grumble>
> > > > > > 
> > > > > > 
> > > > > > -- 
> > > > > > Sent from my Android device with K-9 Mail. All tyopes are
> > > > > > thumb
> > > > > > related and reflect authenticity.
> > > > > > 
> > > > > > 
> > > > > > _______________________________________________
> > > > > > Ale mailing list
> > > > > > Ale at ale.org
> > > > > > http://mail.ale.org/mailman/listinfo/ale
> > > > > > See JOBS, ANNOUNCE and SCHOOLS lists at
> > > > > > http://mail.ale.org/mailman/listinfo
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > _______________________________________________
> > > > > Ale mailing list
> > > > > Ale at ale.org
> > > > > http://mail.ale.org/mailman/listinfo/ale
> > > > > See JOBS, ANNOUNCE and SCHOOLS lists at
> > > > > http://mail.ale.org/mailman/listinfo
> > > > 
> > > > 
> > > > 
> > > > _______________________________________________
> > > > Ale mailing list
> > > > Ale at ale.org
> > > > http://mail.ale.org/mailman/listinfo/ale
> > > > See JOBS, ANNOUNCE and SCHOOLS lists at
> > > > http://mail.ale.org/mailman/listinfo
> > > 
> > > 
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org <mailto:Ale at ale.org>
> > > http://mail.ale.org/mailman/listinfo/ale
> > > See JOBS, ANNOUNCE and SCHOOLS lists at
> > > http://mail.ale.org/mailman/listinfo
> > 
> > 
> > 
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> > 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20170919/bedac5a8/attachment.html>


More information about the Ale mailing list