Re: [kuksa-dev] Eclipse Kuksa Release 0.1.0 review documentation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [kuksa-dev] Eclipse Kuksa Release 0.1.0 review documentation

From: David Schubert <david.schubert@xxxxxxxxxxxxxxxxx>
Date: Fri, 6 Sep 2019 09:15:17 +0200
Delivered-to: kuksa-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/kuksa-dev>
List-help: <mailto:kuksa-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/kuksa-dev>, <mailto:kuksa-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/kuksa-dev>, <mailto:kuksa-dev-request@eclipse.org?subject=unsubscribe>

Dear Robert, all,

Security / Architectural Issues

IMHO our build scripts for the AGL/Kuksa image are not meant to produce a productive and secure "product".
For example, the last time I checked you got an image with a single user (root) and default credentials. Furthermore, mosquitto is in its default configuration [1], so no SSL/TLS etc.

I'm not what we could mention under Usability Details. Every "feature" of meta-kuksa should have its own ReadMe. So, could we perhaps just add corresponding references?

All the best
David

[1] https://github.com/eclipse/kuksa.invehicle/blob/master/agl-kuksa/meta-kuksa/recipes-connectivity/mosquitto/files/mosquitto.conf

__________________________________________

Fraunhofer-Institut für Entwurfstechnik Mechatronik IEM
M.Sc. David Schubert
Wissenschaftlicher Mitarbeiter

Softwaretechnik und IT-Sicherheit
Zukunftsmeile 1
33102 Paderborn

Telefon: +49 5251 5465 -157
Fax: +49 5251 5465-102
david.schubert@xxxxxxxxxxxxxxxxx
https://www.iem.fraunhofer.de
__________________________________________

Von: Robert Höttger <robert.hoettger@xxxxxxxxxxxxxx>
An: kuksa-dev@xxxxxxxxxxx
Datum: 05.09.2019 15:15
Betreff: [kuksa-dev] Eclipse Kuksa Release 0.1.0 review documentation
Gesendet von: kuksa-dev-bounces@xxxxxxxxxxx

Dear Eclipse Kuksa developers,

as discussed in our conference call today, please let me know if you are aware of any information regarding the following items which need to be included in our release review documentation:

API certification
Security / Architectural Issues
Conformance to UI guidelines (probably not relevant because we do not provide a classic Eclipse IDE)
Usability details
Standards (MQTT, Hawkbit tokens, keycloak, …)

I would like to distribute the release review documentation by tomorrow.

Thanks and best regards,
Robert

==============================
Fachhochschule Dortmund
University of Applied Sciences and Arts
==============================
Robert Hoettger
IDiAL Institute
Otto-Hahn-Str. 23, 44227 Dortmund
room EG 04
phone +49 231 9112-9548
robert.hoettger@xxxxxxxxxxxxxx
www.fh-dortmund.de
==============================

_______________________________________________ kuksa-dev mailing list kuksa-dev@xxxxxxxxxxx To change your delivery options, retrieve your password, or unsubscribe from this list, visithttps://www.eclipse.org/mailman/listinfo/kuksa-dev

References:
- [kuksa-dev] Eclipse Kuksa Release 0.1.0 review documentation
  - From: Robert Höttger

Prev by Date: [kuksa-dev] Eclipse Kuksa Release 0.1.0 review documentation
Next by Date: [kuksa-dev] Failed Jenkins Pipeline: run-kuksa-tests #45
Previous by thread: [kuksa-dev] Eclipse Kuksa Release 0.1.0 review documentation
Next by thread: [kuksa-dev] Failed Jenkins Pipeline: run-kuksa-tests #45
Index(es):
- Date
- Thread

Breadcrumbs