User talk:Sb1: Difference between revisions
- That third-party apkovl solution works on any Alpine platform; it is not limited to Pi-thing: I've been successfully using it on x86_64, x86,... So referring to it from main install page makes sense --Alpwik (talk) 15:07, 21 May 2023 (UTC)
Revision as of 22:25, 22 May 2023
Hi,
I noticed your recent edits to Installation page made quite a development on an optional matter (headless config), that may still be of interest for many.
I can see a few downsides on how it stands now:
- instructions for an optional thing are becoming very long (and yet incomplete)
- described method requires quite some familiarity with Alpine, whereas this guide is intended for newcomers
- that solution has several pitfalls (it will transfer all same settings to any server installed with said apkovl, etc...)
I'm not sure why a reference to a straightforward and working third-party solution is now removed from wiki.
Wiki is not official doc, and any mention does not express endorsement: quality external references are just fine in wiki. Referring to backdoor is irrelevant on this topic: it is not a good place to state personal judgement.
As for the longer option you describe, it may fit better into tutorial section where things could be detailed more.
Would you reconsider the edits in that part?
- We could add the link (https://github.com/macmpi/alpine-linux-headless-bootstrap) to the main Raspberry Pi page. bbbhltz (talk) 15:18, 20 May 2023 (UTC)
- That headless.apkovl has too many security complaints filed, and unfortunately the author has not yet chosen to take the secure-defaults-first approach. The overlay makes the user accept publicly shipped "private" (not) keys, by default, and continues starting that unsecured sshd root login server after an installation, by default. Obviously wrong things, but the issues that got filed are hidden as "closed" without actually fixing the wrong behavior. That was the reason for the link removal, to not have users directed to it, at least not without prominent warning. At the moment, sadly, instead of fixing the defaults, the GitHub readme actually kind of hides the facts in descriptive footnotes that do not mention the consequences. --Sb1