potiuk commented on PR #13293:
URL: https://github.com/apache/cloudstack/pull/13293#issuecomment-4618505147
Thanks @DaanHoogland and @vishesh92 — pushed a revision folding the review
in:

- **Global-setting names corrected** to the real ones
(`enforce.post.requests.and.timestamps`, `proxy.header.verify` /
`proxy.header.names` / `proxy.cidr`, `ca.framework.cert.management.custom.san`,
`user.password.encoders.order` + `.exclude` with their defaults) and struck the
non-existent ones I'd guessed (`api.signature.version`,
`auth.password.algorithm`, `hash.user.password`,
`post.requests.and.timestamps.enforced`, the forward-header variants).
- `ca.plugin.root.auth.strictness`: documented as default-true on new
setups, false only on pre-Aug-2017 upgrades (PR #2239).
- Mgmt server modeled as single-instance **or** clustered;
`cloudstack-agent` per hypervisor host (dropped the wrong Hyper-V-as-agent
label); system VMs at the agent trust tier.
- Download links documented as unauthenticated UUID symlinks via Apache
httpd, removed after a period (timed availability = the mitigation) —
`BY-DESIGN`.
- noVNC noted as a vendored fork of novnc/novnc with CloudStack changes.

Two things I captured in-model as PMC follow-ups rather than acting on: the
download-token timed-removal behavior ("make sure/test this"), and the absence
of a vendored-dependency update procedure. The remaining §14 questions are the
open ones for the PMC to walk. WDYT?
--
This is an automated message from the Apache Git Service.