I guess this is what I'm saying:
1. Handrolling a system to manage SSH keys is easy, and handrolling a
system to manage SSL keys is hard. Therefore, tons of people use
handrolled SSH key management solutions.
Handrolling is hard, that is why you have certmaster in Func, yes :)
Hand-rolling not required.
2. Right now, the value of func is:
( SIMPLICITY OF INITIAL CONFIGURATION ) plus ( a few func modules )
But over time, the value of func will be:
( simplicity of initial configuration ) plus ( A TON OF FUNC MODULES )
Which means that there may come a time -- and I don't know when, and
maybe not for a while -- when people may want the value of the func
modules, but using their own extant trust mechanisms -- which are most
likely to be built around SSH.
Puppet and cfengine are certificate based also, and seem to be doing fine.
Func could perhaps do even better when we get Puppet to use external
(read Func) certs :)
But I've heard "cool, does it do SSH" a whole bunch of times now. Just
something to think about. And yes, I know, patches welcome. :)
I think this is an education issue.
Obviously in some cases, you are going to have that organizational
policy in place that says "no" to things like puppet and func, but I
think there are enough places that allow that sort of thing to where
it's not a huge concern.
That being said, should someone find a clean way to make it /also/
travel that way, we can look at it ... though the stuff on the ideas
list is too interesting to me to spend time on YetAnotherTransport as a
main priority.
Minion to Minion, the Web app for system-config, and lots of good
module/script ideas are on the pipe.
_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
