- From: Bryan McLellan <
>
- To:
- Subject: [chef] Re: Re: Rack vulnerabilities in chef-server-webui in Chef Server 11
- Date: Sat, 9 Feb 2013 21:26:13 -0500
I'm not sure how I successfully disabled the webui this morning, but
other Opscode folks tell me the correct
/etc/chef-server/chef-server.rb entry to disable the webui is this:
chef_server_webui['enable'] = false
Then run 'sudo chef-server-ctl reconfigure'
On Sat, Feb 9, 2013 at 12:53 PM, Jesse Campbell
<
>
wrote:
>
Is the intention that starting with chef 12 server, the webui will be a
>
value add of the hosted/private offerings?
Not exactly. Opscode Hosted and Private Chef (OHC + OPC) have had a
separate webui from Open Source for a long time. As we recently
announced [1], we've rewritten the OHC/OPC webui and added support for
new OPC features (and OHC where applicable) like activity reporting
and push client runs. So yes, there is a big value-add there, but
that's not why we're deprecating it.
In the history of the Open Source chef-server-webui project there have
only been 20 contributions with 37 commits (since August 2009). That's
less than one a month if you spread it out. We breathed a little life
into it by porting it from merb to rails3 but it is a completely
different project from our webui, so there's nothing to trickle down
to it. In the face of multiple security patches in under a week, most
people not using it, and very few developing it, it is more of a
liability than a feature.
Now, if anyone was about to say, "I love the webui, wanted to work on
it and just found a ton of spare time," we should talk about long-term
possibilities.
Bryan
[1]
http://www.opscode.com/press-releases/opscode-announces-next-generation-of-private-chef-for-the-enterprise/
Archive powered by MHonArc 2.6.16.