This is not a typical use case, I'd dare to say it borders on the pathological. We do run on the order of tens of thousands containers, but spread across a couple of thousand nodes.
-
-
Early days for the code, but getting uptake in a real industry. Cool.
-
I'm biased here, but just have a look at the code these folks are writing:https://github.com/advancedtelematic …
-
Let me put it this way. I’m hopeful *for* a future where we can say more than “just use TLS”. One isn’t impossible, just how we’ve been saying to achieve it doesn’t actually work in practice. Uptane’s young. But promising.
-
"Just use TLS" isn't easy nor necessarily useful when you think about it.https://twitter.com/caovc/status/1039768056493432832 …
-
(That tweet being about the current Ubuntu release btw. -
@ubuntu also doesn't manage to "just use TLS") -
Complete opposite approach here — I’m trying to drill into what’s really going on with “just use tls”. Is it more expensive? Is it operational? I put together https://github.com/dakami/jfe a while back and want to see it’s faults.
-
This started with “I can’t believe file oriented crypto failed” and it’s stupid, it effectively always does. But it’s true, there is resistance to universal TLS, so what’s the truth there?
-
Load balancing is often done on a DNS level, so every mirror (it's trivial to become a mirror) would need a certificate for the same address. If you start giving out certs in bulk you may as well not bother with TLS.. Checking file integrity is not a bad idea for this situation.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.