savannah-hackers-public
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0

From: Sylvain Beucler
Subject: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade
Date: Wed, 16 Feb 2011 21:12:51 +0100
User-agent: Mutt/1.5.20 (2009-06-14) 
Hi,

On Mon, Feb 14, 2011 at 06:08:58PM -0500, Bernie Innocenti via RT wrote:
> > [beuc - Sun Feb 13 13:49:19 2011]:
> > Debian Squeeze 6.0 was recently released and we want to upgrade the
> > base Xen system.
> > 
> > Questions:
> > 
> > - Are you happy with the Dom0 being installed under Debian Squeeze, or
> >   would you rather another distro?  Only I want to avoid running an
> >   obsolete version.
> 
> We don't have any Squeeze Dom0s in production yet.
> 
> A few weeks ago, I upgraded a test Dom0 from Lenny to Squeeze. It required 
> some fixes to the scripts for configuring the 
> bridge, but otherwise it seems to be working. There's just one DomU running 
> on this box, so it was tested very lightly.

OK.
What do you generally use for Dom0?

> I'd recommend waiting a little longer for production use. The attack surface 
> of Dom0s is very limited because it doesn't 
> run any externally visible services.

SSH is visible but Debian 5 is still supported for at least a year, so
no impact on security.
It's more a matter of avoiding last minute upgrades, and leveraging
newer features (iptables TARPIT comes to mind :)).

> > - Can we plan a date to do it together, so as to have a hacker in
> >   front of the physical keyboard in case something goes wrong?  I'm
> >   never confident with Xen in that regard.
> 
> Whenever you choose to go ahead, I could assist you any day from 10am to 4pm.

Does that include going at the colo?

-- 
Sylvain
reply via email to
[Prev in Thread] Current Thread [Next in Thread]