On Sun, 13 Jan 2008, Michael DeHaan wrote:
whereas *no one* has a decent system for managing ssl keys.
Actually, we do :)
Well, right. That's my point. You're the only ones who *are* doing good
SSL key management (well, you and the puppet folks from whom you've
shamelessly ripped it off, heh.)
I would argue the converse ... that no one really has a good system for
SSH key deployment. That is pain, which is why Func is so nice.
I guess this is what I'm saying:
1. Handrolling a system to manage SSH keys is easy, and handrolling a
system to manage SSL keys is hard. Therefore, tons of people use
handrolled SSH key management solutions.
2. Right now, the value of func is:
( SIMPLICITY OF INITIAL CONFIGURATION ) plus ( a few func modules )
But over time, the value of func will be:
( simplicity of initial configuration ) plus ( A TON OF FUNC MODULES )
Which means that there may come a time -- and I don't know when, and maybe
not for a while -- when people may want the value of the func modules, but
using their own extant trust mechanisms -- which are most likely to be
built around SSH.
But I've heard "cool, does it do SSH" a whole bunch of times now. Just
something to think about. And yes, I know, patches welcome. :)
--g
--
Greg DeKoenigsberg
Community Development Manager
Red Hat, Inc. :: 1-919-754-4255
"To whomsoever much hath been given...
...from him much shall be asked"
_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
