[Bugs] [Bug 1498151] New: Move download server and salt-master to the community cage

bugzilla at redhat.com bugzilla at redhat.com
Tue Oct 3 14:46:52 UTC 2017


https://bugzilla.redhat.com/show_bug.cgi?id=1498151

            Bug ID: 1498151
           Summary: Move download server and salt-master to the community
                    cage
           Product: GlusterFS
           Version: mainline
         Component: project-infrastructure
          Assignee: bugs at gluster.org
          Reporter: mscherer at redhat.com
                CC: bugs at gluster.org, gluster-infra at gluster.org



Description of problem:

Today, yet another rowhammer style attack paper went out, explaining 
https://arxiv.org/pdf/1710.00551.pdf (there is a link to the various papers)

While this is not a new attack, and I guess a rather complex one to mount, we
should mitigate the risk by moving the download server and the ansible
deployment in the cage. I heard about people using rowhammer to flip some bits
to bypass pam verification (no paper or conference has been published yet
afaik, so I wasn't able to evaluate the practicality).

While Rackspace is using ECC (or so do I hope, that's what lshw reports) and
that's mitigating the attack to be a denial of service only, I would sleep
better at night if we moved the 2 servers out of Rackspace and in the cage in
case improvements to the attack do get published.

The rest of the VMs are not as critical as these 2, even if the freeipa server
should also be moved.

I have already been in the process of moving salt-master for some weeks, I just
need to finish the move.
