User talk:Sb1: Difference between revisions
- That third-party apkovl solution works on any Alpine platform; it is not limited to Pi-thing: I've been successfully using it on x86_64, x86,... So referring to it from main install page makes sense --Alpwik (talk) 15:07, 21 May 2023 (UTC)
- Sorry both of you. It appears that I made a change on the page by accident. My son touched the keyboard when I wasn't looking. Please feel free to "undo" whatever I just changed on the Installation page. bbbhltz (talk) 07:33, 23 May 2023 (UTC)
Latest revision as of 14:24, 23 May 2023
Hi,
I noticed your recent edits to Installation page made quite a development on an optional matter (headless config), that may still be of interest for many.
I can see a few downsides on how it stands now:
- instructions for an optional thing are becoming very long (and yet incomplete)
- described method requires quite some familiarity with Alpine, whereas this guide is intended for newcomers
- that solution has several pitfalls (it will transfer all same settings to any server installed with said apkovl, etc...)
I'm not sure why a reference to a straightforward and working third-party solution is now removed from wiki.
Wiki is not official doc, and any mention does not express endorsement: quality external references are just fine in wiki. Referring to backdoor is irrelevant on this topic: it is not a good place to state personal judgement.
As for the longer option you describe, it may fit better into tutorial section where things could be detailed more.
Would you reconsider the edits in that part?
- We could add the link (https://github.com/macmpi/alpine-linux-headless-bootstrap) to the main Raspberry Pi page. bbbhltz (talk) 15:18, 20 May 2023 (UTC)
- That headless.apkovl has too many security complaints filed, and unfortunately the author has not yet chosen to take the secure-defaults-first approach. The overlay makes users accept publicly shipped "private" (not) keys, by default, and continues starting that unsecured sshd root login server after an installation, by default. Obviously wrong things, but the issues that got filed are hidden as "closed" without actually fixing the wrong behavior. That was the reason for the link removal, to not have users directed to it, at least not without prominent warning. At the moment, sadly, instead of fixing the defaults, the GitHub readme actually kind of hides the facts in descriptive footnotes that do not mention the consequences. --Sb1
- Ok, noted you are not happy with that solution, it's your own opinion. Please consider there are many different opinions out there (repo stars appreciations give some clues; you can discuss the topic there, etc...). This wiki is not a place for advocacy, revenge statement or frustration expression: this does not help users and makes things very confusing. Please consider reverting your last changes. --Alpwik (talk) 06:23, 23 May 2023 (UTC)
- The primary install wiki page for Alpine would really not help users *learning to use Alpine*, if just plugged with links to external packages, and worse if leaving out security relevant information. It's thus actually preferable to provide notes about imminent security facts and explaining the alternative of using the setup-alpine tools. Consequently, I looked up and added that information, which was missing in edits made by newly created user accounts. Concerning the topic of how to create an only-pre-configured headless install media, i.e. without an sshd that is already fully-configured for a particular system, I guess this would only need some one-liner to only set up starting the completion of the sshd install *after* the next boot (and then not doing an lbu commit after rebooting, to get a new sshd configuration for every new "headless" setup-alpine run after a reboot). --Sb1
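
Added example, not part of the discussion above and not code from any project mentioned in it: a check that can be run over any apkovl overlay (a gzip-compressed tar of files under `etc/`) for the two conditions raised in the thread, bundled SSH host private keys and an sshd configuration that permits root login. The function names, the flagged settings and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import tarfile

# OpenSSH host private keys: etc/ssh/ssh_host_<type>_key (the .pub files are harmless).
HOST_KEY_RE = re.compile(r"^(?:\./)?etc/ssh/ssh_host_[a-z0-9]+_key$")
SSHD_CONF_RE = re.compile(r"^(?:\./)?etc/ssh/sshd_config(?:\.d/[^/]+\.conf)?$")
# sshd_config keywords are case-insensitive; values flagged here are the risky ones.
RISKY = {"permitrootlogin": {"yes"}, "permitemptypasswords": {"yes"}}


def audit_apkovl(data: bytes) -> list[str]:
    """Return findings for an apkovl archive given as raw .tar.gz bytes."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            if HOST_KEY_RE.match(member.name):
                findings.append(f"bundled host private key: {member.name}")
            elif SSHD_CONF_RE.match(member.name):
                text = tar.extractfile(member).read().decode("utf-8", "replace")
                for line in text.splitlines():
                    # Drop comments; Match blocks are not interpreted (simplification).
                    parts = line.split("#", 1)[0].replace("=", " ").split()
                    if len(parts) >= 2 and parts[1].lower() in RISKY.get(parts[0].lower(), ()):
                        findings.append(f"{member.name}: {parts[0]} {parts[1]}")
    return findings


def build_sample(files: dict[str, str]) -> bytes:
    """Build a constructed in-memory apkovl-style archive for the demo."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            raw = body.encode()
            info = tarfile.TarInfo(name)
            info.size = len(raw)
            tar.addfile(info, io.BytesIO(raw))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample({  # constructed sample, not taken from any real overlay
        "etc/ssh/ssh_host_ed25519_key": "PLACEHOLDER, NOT A REAL KEY\n",
        "etc/ssh/ssh_host_ed25519_key.pub": "ssh-ed25519 PLACEHOLDER\n",
        "etc/ssh/sshd_config": "#PermitRootLogin no\nPermitRootLogin yes\n",
    })
    for finding in audit_apkovl(sample):
        print(finding)
```

An empty result only means neither condition was found in the archive's files; it does not cover keys or settings that a script inside the overlay generates or changes at boot.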