varnish security

Chris Hecker checker at d6.com
Mon Jul 12 21:05:43 CEST 2010


> Uhm, no, you pointed to the message with the bogo-advisory and I do
> not seem to be able to find any ensuing discussion from there ?

Scroll down?  Search for "Vendor Response", it's got your complete 
email/rant.  :)

Chris


On 2010/07/12 03:20, Poul-Henning Kamp wrote:
> In message<4C3AD9F6.8020307 at d6.com>, Chris Hecker writes:
>
>>> I pressume you also bothered to read the vendor response ?
>>
>> Of course.  I was just pointing out the related thread.
>
> Uhm, no, you pointed to the message with the bogo-advisory and
> I do not seem to be able to find any ensuing discussion from there ?
>
>> Maybe a wiki page on varnish-cache.org on securing varnish would be
>> useful here.  It could contain the thing about the file permissions
>> above, a short discussion of the CLI, etc.  That would help, and
>> couldn't hurt.
>
> Yeah, our docs need work...
>
>> The Husqvarna analogy is slightly flawed since most people can't run
>> yum install husqvarna
>> and have one magically appear at their feet, gassed and ready to go.  :)
>
> That argument would be much more convincing, if sites like this
> did not exist:
>
> 	http://www.baileysonline.com/search.asp?SKW=HVF%20390XP&catID=11443
>
> Poul-Henning
>



More information about the varnish-misc mailing list