[openstack-dev] [all] [barbican] [security] Why are projects trying to avoid Barbican, still?

Ian Cordasco sigmavirus24 at gmail.com
Tue Jan 17 14:48:33 UTC 2017


On Tue, Jan 17, 2017 at 8:04 AM, Duncan Thomas <duncan.thomas at gmail.com> wrote:
> controls than this, but they never showed up AFAIK. And that's just the
> problem - people think 'Oh, barbican is storing the cinder volume secrets,
> great, we're secure' when actually barbican has made the security situation
> worse not better. It's a pretty terrible secrets-as-a-service product at the
> moment. Fixing it is not trivial.

So this is the second time you've asserted that Barbican is "a pretty
terrible secrets-as-a-service product". Instead of repeatedly saying
the same thing, have you worked with them on this? From your own
accounts, it sounds like you're not providing the constructively
critical feedback necessary to help the Barbican team and haven't
attempted to prior to this thread (although I'd not call your
criticisms constructive). I somehow doubt you'd be accepting of this
kind of feedback if it were aimed at Cinder. Are there open bugs that
have been ignored that you've filed? Items you've brought up at their
meetings?

To be clear, I started this thread to help the Barbican team gather
actionable items to further adoption because it seems a worthwhile
goal. Yes, Barbican can improve, so can Cinder. So let's keep these
discussions constructive, okay?

-- 
Ian Cordasco


