Bug #8
closedRemove internal information from docker-compose file
0%
Description
cpp nad I discovered today that there's internal or rather information that is specific to our use case within the dockerfiles/reverse-proxy repository. We should strip the repository (including the history) of that information.
I've set the repository's visibility to internal until we mitigate this problem.
Updated by cpp zombi over 4 years ago
As far as I recall Paul S. set this up. I don't really see a problem with a list of some domains being published in a docker-compose file.
Updated by Paul S. over 4 years ago
- Status changed from New to In Progress
- Assignee set to Paul S.
- Priority changed from High to Normal
If I understand this issue correctly, it deals with the domain names for various services. People can already query our subdomains via the certificate transparency project:
https://transparencyreport.google.com/https/certificates/JzsKTgV1AqtJI94TRqMBpuGT4X20mkk4u0X9omyzaSo%3D
therefore I'd argue that the list of used subdomains are not a secret.
Reclassified this as a "low" issue, but I'll be working on it.
Updated by Paul S. over 4 years ago
- Status changed from In Progress to Closed
Removed the dashboard, moved tls definitions out.
Updated by cpp zombi over 4 years ago
The repository is still internal, since Mad Maurice changed the visibility when creating this issue. Can we change this back to public now? cc Paul S.
Updated by Mad Maurice over 4 years ago
Change it back if you want. It seemed leaky on the first look.
Updated by cpp zombi over 4 years ago
Mad Maurice wrote in #note-6:
Change it back if you want. It seemed leaky on the first look.
I would if I could, which I can't. One of the owners of the repository would need to do it (e.g. you, Mad Maurice)