On Tue, Jul 16, 2013 at 10:47:28AM +0200, Florian Weimer wrote: > Do these images support instance data injection by default? Then we > need to make absolutely clear that it's unsafe to run them outside > an environment that filters instance data injection requests. For > example, these images must not be installed on a bare-metal system > connected to the public Internet, or used to set up guests on a > regular hypervisor. Absolutely. They use cloud-init and would be vulnerable to attack on any network running an EC2 or Nova compatible metadata service. (I do boot them on my own laptop, but I've configured the guest network carefully.) -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@xxxxxxxxxxxxxxxxx> -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
