varnish security
Chris Hecker
checker at d6.com
Mon Jul 12 21:05:43 CEST 2010
> Uhm, no, you pointed to the message with the bogo-advisory and I do
> not seem to be able to find any ensuing discussion from there ?
Scroll down? Search for "Vendor Response", it's got your complete
email/rant. :)
Chris
On 2010/07/12 03:20, Poul-Henning Kamp wrote:
> In message<4C3AD9F6.8020307 at d6.com>, Chris Hecker writes:
>
>>> I pressume you also bothered to read the vendor response ?
>>
>> Of course. I was just pointing out the related thread.
>
> Uhm, no, you pointed to the message with the bogo-advisory and
> I do not seem to be able to find any ensuing discussion from there ?
>
>> Maybe a wiki page on varnish-cache.org on securing varnish would be
>> useful here. It could contain the thing about the file permissions
>> above, a short discussion of the CLI, etc. That would help, and
>> couldn't hurt.
>
> Yeah, our docs need work...
>
>> The Husqvarna analogy is slightly flawed since most people can't run
>> yum install husqvarna
>> and have one magically appear at their feet, gassed and ready to go. :)
>
> That argument would be much more convincing, if sites like this
> did not exist:
>
> http://www.baileysonline.com/search.asp?SKW=HVF%20390XP&catID=11443
>
> Poul-Henning
>
More information about the varnish-misc
mailing list