Posted to user@mesos.apache.org by Marc Roos <M....@f1-outsourcing.eu> on 2019/08/04 11:41:10 UTC

General interest question, are clients never questioning the dcos 'blob' distribution?

A year ago or so I tried to install dcos and test it a bit. What stuck 
with me the most of this test, was that I got a shell script with a blob 
inside, that I guess, would be dd'ed to a block device. 

I take it in this blob are some default 'tools' like the kernel, shell 
scripts, netfilter stuff, bridge tools, java etc.

What I totally do not like about that is:

- how do I know dcos is updating these binaries on time?
- how do I know dcos is monitoring security updates on these tools and 
applies them on time?
- how do I know the tools have not been 'infected' by malware when dcos 
is packaging them?
  (I know it is far-fetched, but still you do hear about development 
environments being hacked)

Eg mesosphere has around 300 vs the 12000 employees of RedHat, and 
RedHat has made a core business of maintaining its Enterprise Linux.
If you want to distribute a blob, why not then a rhel or centos one (eg 
like Nutanix does). And create custom dcos rpms. This way you can give 
clients the option to install your blob or only some specific dcos rpms. 
This way clients can have some guarantee that the os is secured via their 
license subscription with RedHat.


 




Re: General interest question, are clients never questioning the dcos 'blob' distribution?

Posted by Benjamin Bannier <be...@mesosphere.io>.
Hi Marc,

This question does not seem to be related to Mesos at all, and you were probably looking for the DC/OS users list at https://groups.google.com/a/dcos.io/forum/#!forum/users.


Cheers,

Benjamin



ps. This is highly OT for this list, but you can find more information about DC/OS here, https://github.com/dcos/dcos. There you’ll e.g., see the artifacts Open DC/OS includes (https://github.com/dcos/dcos/tree/master/packages; does e.g., not include a kernel), and also tools to build DC/OS yourself from whatever sources you wish (https://github.com/dcos/dcos/blob/master/build_local.sh). I’d suggest you familiarize yourself somewhat with the project to get the most out of your interactions on the DC/OS mailing list. 



Re: General interest question, are clients never questioning the dcos 'blob' distribution?

Posted by moula BADJI <mo...@gmail.com>.
As Benjamin had said, it's for dcos/mesos users:
Good news for tomorrow Monday on dcos / mesos to fill the gap, I think.

Moula.

