Armon, This is an ingenious thought process by you. Going after the build process which is the root of the security vulnerability at the kernel level and hardening it is a master stroke. Secondly, in this Cloud self-service world we can automate this pipeline of version control and release channels and revocation of base image via the registry is masterful. That gives us control at the metadata level and tightens our provisioning security policy. I do want to see something similar around DNS vulnerabilities and how we can harden those entry points from an attacker getting access. Thats a different problem to solve.
Armon, This is an ingenious thought process by you. Going after the build process which is the root of the security vulnerability at the kernel level and hardening it is a master stroke. Secondly, in this Cloud self-service world we can automate this pipeline of version control and release channels and revocation of base image via the registry is masterful. That gives us control at the metadata level and tightens our provisioning security policy.
I do want to see something similar around DNS vulnerabilities and how we can harden those entry points from an attacker getting access. Thats a different problem to solve.
Very informative, thanks
Nice, thanks!
OMG i am goin to write a blog on packer soon
@@steve-at-yt sure steve
@@deckardshaw483 where is the blog post? I want to read it :)