On Wed, Apr 22, 2015 at 09:58:19PM +0100, Bobby Moss wrote:
I probably should have mentioned here that some work needs to go into packaging, maintaining & testing components in this way internally. Your link talks of downloading containers & binaries from unknown sources. That's certainly not a good idea!
Unfortunately most software engineers don't understand the full system end to end and what security means. When the build scripts for the software you might want to use do that then you're already screwed. This is really a good example of why you shouldn't let engineering lead on deployment.
There's a middle ground but blindly following what people say is a very very bad idea (as is suggesting different operating systems based on how secure they are, they're all insecure until you build some security into your system).
Adam