On Sat, Sep 17, 2011 at 4:35 PM, Neil Williams wrote: > Just one little proviso on that: Plenty of devices which could use > Debian and many that already do use Debian provide absolutely no > connectivity outside the device and most of those are single-user > machines. ... > It is always worth reminding people about security though, who knows > what hardware upgrades someone will specify for version2 of such > devices....
Given their mention of Apache and LDAP I assumed this would be one of those network-facing software appliances that would be run in a VM or on any regular PC or server, not on the kind of devices Emdebian is used to dealing with. Thanks for your mail though, it was interesting to learn some more about the use-cases for Emdebian, a blog post about that would be good. One other thing I forgot to mention: ensure that you don't store any SSH/SSL or other private keys for encryption in the generic image. Private keys for encryption should always be created on a per-instance basis. Unfortunately this is a pretty common problem for pre-generated system images; especially for cloud/IaaS/PaaS and similar. I've also seen it happen in the mobile space; some distributions for the OpenMoko FreeRunner do this. -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAKTje6GffkbdcR5MBH1gKH=obxrjevsgjb6xwljmitdczqz...@mail.gmail.com
