Dear all, In order to improve the overall security in TripleO, we're currently creating a couple of specs, aiming Stein version. The first one concerns calls to "sudo" from shell scripts and the like: https://review.openstack.org/572760 The second one concerns privilege escalation inside python scripts: https://review.openstack.org/580033 The short version is "get rid of the NOPASSWD:ALL" scattering the sudoers for a couple of users. Both are still Work In Progress, and need a ton of reviews and discussions in order to get a clear consensus from the community. Thank you for your time and feedback. Cheers, C. -- Cédric Jeanneret Software Engineer DFG:DF -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180704/4855e168/attachment.sig>