[ale] Containers... use?

James Taylor james.taylor at eastcobbgroup.com
Tue Sep 19 15:17:17 EDT 2017


And I’ll add this, if anyone’s interested…
-jt

James Taylor
james.taylor at eastcobbgroup.com <mailto:james.taylor at eastcobbgroup.com>
678-697-9420

> On Sep 19, 2017, at 1:42 PM, Jim Kinney <jim.kinney at gmail.com <mailto:jim.kinney at gmail.com>> wrote:
> 
> SWEET! 
> 
> LDAP auth means my IPA process can be used to further brutalize, er, um, manage user access to specialty locations as required.
> 
> On Tue, 2017-09-19 at 13:24 -0400, Niel Bornstein wrote:
>> I'll also put this right here:
>> 
>> http://port.us.org/ <http://port.us.org/>
>> 
>> On 09/19/2017 11:25 AM, Jerald Sheets wrote:
>>> 
>>> That’s what Jim and I were bantering about.  There’s “DockerHub” which
>>> provides baked images, and there are several official ones from the
>>> vendors there.  You can also have your own space (a lot like GitHub)
>>> where you curate and manage your own images, and reference those
>>> directly instead of the publicly managed ones by “God knows who”…
>>> 
>>> Check it out.
>>> 
>>> https://hub.docker.com/ <https://hub.docker.com/>
>>> 
>>> 
>>> —jms
>>> 
>>> 
>>>> 
>>>> On Sep 19, 2017, at 9:57 AM, Jeff Hubbs <jhubbslist at att.net <mailto:jhubbslist at att.net>
>>>> <mailto:jhubbslist at att.net <mailto:jhubbslist at att.net>>> wrote:
>>>> 
>>>> I was referring to the first one. I'm trying to get used to the notion
>>>> of a package management system that runs underneath or beside the
>>>> operating system's.
>>>> 
>>>> On 9/18/17 5:25 PM, lnxgnome wrote:
>>>>> 
>>>>> 
>>>>> Jeff,
>>>>> 
>>>>>   Are you asking about Anaconda https://www.anaconda.com/ <https://www.anaconda.com/> or Anaconda
>>>>> https://fedoraproject.org/wiki/Anaconda <https://fedoraproject.org/wiki/Anaconda> ?
>>>>> 
>>>>>   For the first, there is...
>>>>> https://github.com/ContinuumIO/docker-images/tree/master/anaconda <https://github.com/ContinuumIO/docker-images/tree/master/anaconda>
>>>>>   For the second, there is...
>>>>> http://atodorov.org/blog/2015/10/28/building-docker-images-with-anaconda/ <http://atodorov.org/blog/2015/10/28/building-docker-images-with-anaconda/>
>>>>> 
>>>>> 
>>>>> On 20170918 12:49 PM, Jeff Hubbs wrote:
>>>>>> 
>>>>>> Can someone help characterize for me how Anaconda fits into this
>>>>>> whole container business?
>>>>>> 
>>>>>> On 9/18/17 11:52 AM, Jim Kinney wrote:
>>>>>>> 
>>>>>>> I'm very close to the point of isolating my docker junkies in every
>>>>>>> possible way and letting their stuff get broken into. That will be
>>>>>>> the only way to get the political leverage to be able tell a PhD
>>>>>>> faculty "NO. It ALL runs through me and upstream university
>>>>>>> security. No exception."
>>>>>>> 
>>>>>>> On September 18, 2017 9:34:37 AM EDT, Solomon Peachy
>>>>>>> <pizza at shaftnet.org <mailto:pizza at shaftnet.org>> wrote:
>>>>>>> 
>>>>>>>     On Mon, Sep 18, 2017 at 09:18:46AM -0400, Jerald Sheets wrote:
>>>>>>> 
>>>>>>>         All containers should be curated by Systems. The Developers
>>>>>>>         should submit them for security scanning, or you should
>>>>>>>         employ a DevSecOps model for deployment. i.e., federate
>>>>>>>         security scanning by providing OS, App, transport,
>>>>>>>         penetration, and network security testing as APIs that devs
>>>>>>>         can leverage instead of leaving them to security. Left to
>>>>>>>         their own devices, unreasonable deploy timelines set for
>>>>>>>         them, and golf-playing pointy-hairs with unreasonable ship
>>>>>>>         date requirements, it’ll never happen. 
>>>>>>> 
>>>>>>> 
>>>>>>>         This should all be automated and part of a security CI/CD
>>>>>>>         pipeline without which a “pass” from the security field,
>>>>>>>         cannot ever be deployed into production. This is how we do it. 
>>>>>>> 
>>>>>>> 
>>>>>>>     The unspoken assumption here is that your needs are sufficient to make 
>>>>>>>     this (completely necessary!) administrative overhead worthwhile.  
>>>>>>> 
>>>>>>>     Unfortunately, much like VMs before, most shops just "download an image" 
>>>>>>>     from the likes of DockerHub and then deploy it, with no real thought
>>>>>>>     towards ongoing maintainence or security concerns.  Because those cost
>>>>>>>     time/effort -- and therefore and money.
>>>>>>> 
>>>>>>>      - Solomon </grumble>
>>>>>>> 
>>>>>>> 
>>>>>>> -- 
>>>>>>> Sent from my Android device with K-9 Mail. All tyopes are thumb
>>>>>>> related and reflect authenticity.
>>>>>>> 
>>>>>>> 
>>>>>>> _______________________________________________
>>>>>>> Ale mailing list
>>>>>>> Ale at ale.org <mailto:Ale at ale.org>
>>>>>>> http://mail.ale.org/mailman/listinfo/ale <http://mail.ale.org/mailman/listinfo/ale>
>>>>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>>>>> http://mail.ale.org/mailman/listinfo <http://mail.ale.org/mailman/listinfo>
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> Ale mailing list
>>>>>> Ale at ale.org <mailto:Ale at ale.org>
>>>>>> http://mail.ale.org/mailman/listinfo/ale <http://mail.ale.org/mailman/listinfo/ale>
>>>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>>>> http://mail.ale.org/mailman/listinfo <http://mail.ale.org/mailman/listinfo>
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> Ale mailing list
>>>>> Ale at ale.org <mailto:Ale at ale.org>
>>>>> http://mail.ale.org/mailman/listinfo/ale <http://mail.ale.org/mailman/listinfo/ale>
>>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>>> http://mail.ale.org/mailman/listinfo <http://mail.ale.org/mailman/listinfo>
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Ale mailing list
>>>> Ale at ale.org <mailto:Ale at ale.org> <mailto:Ale at ale.org <mailto:Ale at ale.org>>
>>>> http://mail.ale.org/mailman/listinfo/ale <http://mail.ale.org/mailman/listinfo/ale>
>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>> http://mail.ale.org/mailman/listinfo <http://mail.ale.org/mailman/listinfo>
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org <mailto:Ale at ale.org>
>>> http://mail.ale.org/mailman/listinfo/ale <http://mail.ale.org/mailman/listinfo/ale>
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo <http://mail.ale.org/mailman/listinfo>
>>> 
>> 
>> 
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org <mailto:Ale at ale.org>
>> http://mail.ale.org/mailman/listinfo/ale <http://mail.ale.org/mailman/listinfo/ale>
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo <http://mail.ale.org/mailman/listinfo>
> _______________________________________________
> Ale mailing list
> Ale at ale.org <mailto:Ale at ale.org>
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20170919/d61bf472/attachment.html>


More information about the Ale mailing list