From 14d56a303c62e70a7639357c2551a446b1c17556 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 31 Mar 2014 19:06:50 -0400 Subject: propellor spin --- README | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'README') diff --git a/README b/README index 99bc000d..a568d0f5 100644 --- a/README +++ b/README @@ -26,6 +26,14 @@ of which classes and share which configuration. It might be nice to use reclass[1], but then again a host is configured using simply haskell code, and so it's easy to factor out things like classes of hosts as desired. +## security + +Propellor's security model is that the hosts it's used to deploy are +untrusted, and that the central git repository server is untrusted. + +The only trusted machine is the laptop where you run propellor --spin +to connect to a remote host. + ## bootstrapping and private data To bootstrap propellor on a new host, use: propellor --spin $host @@ -47,6 +55,8 @@ in such a file, use: propellor --set $host $field The field name will be something like 'Password "root"'; see PrivData.hs for available fields. + + ## using git://... securely It's often easiest for a remote host to use a git:// or http:// -- cgit v1.2.3
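Review bot: Missing documentation in the README hunk at @@ -26,6 +26,14 @@: the new "## security" section states the trust model (deployed hosts and the central git repository server untrusted, only the laptop running propellor --spin trusted) but does not say what backs that claim or what a reader should do because of it. Suggest adding a sentence that points to the "bootstrapping and private data" and "using git://... securely" sections that follow, so the model is tied to the mechanisms the README already documents, plus a sentence on what an untrusted host or repository server can and cannot affect under this model.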
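Review bot: Unrelated whitespace in the README hunk at @@ -47,6 +55,8 @@: the two added blank lines before "## using git://... securely" change nothing in the text and are not part of the new security section. Drop them from this commit, or, if extra spacing before that heading is wanted, put it in a separate commit so the documentation change can be reviewed on its own.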