ufw.enable's soft_fail argument defaults to False
Bug #1438137 reported by Stuart Bishop
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Charm Helpers | New | Undecided | Felipe Reyes | |
Bug Description
The rare case is for charms to absolutely require ipv6 networking, so the default should be True (warn but continue if ipv6 is broken). Having the default aborting if ipv6 is broken means charms will fail needlessly if they don't require ipv6 and are run in a new environment where ipv6 happens to be broken. I can't really see downsides to changing the default - if ipv6 actually is required and ufw.enable doesn't abort, then something else will surely fail later.
Changed in charm-helpers:
assignee: nobody → Felipe Reyes (freyes)
Hi Stuart,
This is a bit tricky, because if we set the default to True we could be leaving services silently exposed over IPv6. Considering this I tried to avoid a big security risk and users (deployers or charm authors) have to opt-in to soft-fail.
If a given charm doesn't mind this, then the author can simply use soft_fail=True. I think this is a fair balance between security and usability of our library.
Best,
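
A check a deployer could run on a unit after opting in to soft_fail=True, to see whether the exposure raised in the reply above is present. This is an added example, not charm-helpers code. It assumes ufw's IPv6 setting is read from the IPV6=yes/no line in /etc/default/ufw and that listeners are supplied in `ss -H -tln` format; both sample inputs are constructed.

```python
import ipaddress

# Constructed sample of /etc/default/ufw on a unit where ufw runs without IPv6 rules.
SAMPLE_UFW_DEFAULTS = """\
# /etc/default/ufw
IPV6=no
DEFAULT_INPUT_POLICY="DROP"
"""

# Constructed sample of `ss -H -tln` output: State Recv-Q Send-Q Local Peer.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 511 [::1]:6379 [::]:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 511 *:8080 *:*
"""

def ufw_ipv6_enabled(defaults_text):
    """Return True only if the defaults file explicitly sets IPV6=yes."""
    for line in defaults_text.splitlines():
        line = line.strip()
        if line.startswith("IPV6="):
            return line.split("=", 1)[1].strip("\"'").lower() == "yes"
    return False  # no setting found: treated here as "not filtered"

def ipv6_listeners(ss_text):
    """List (address, port) for TCP listeners reachable over non-loopback IPv6."""
    found = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if host == "*":  # ss prints "*" for a dual-stack wildcard socket
            found.append(("*", int(port)))
        elif host.startswith("["):  # bracketed literal = IPv6; drop any %scope
            addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
            if not addr.is_loopback:
                found.append((str(addr), int(port)))
    return found

def unfiltered_ipv6_exposure(defaults_text, ss_text):
    """Listeners reachable over IPv6 while ufw is not managing IPv6 rules."""
    if ufw_ipv6_enabled(defaults_text):
        return []
    return ipv6_listeners(ss_text)

if __name__ == "__main__":
    for addr, port in unfiltered_ipv6_exposure(SAMPLE_UFW_DEFAULTS, SAMPLE_SS):
        print(f"unfiltered IPv6 listener: {addr} port {port}")
```

A non-empty result means the service should be bound to IPv4 or loopback only, or IPv6 filtering restored, before the charm relies on soft_fail=True.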