Hi, I am having very difficult times migrating a Debian Edu 10 installation to Debian Edu 11. Until now, I could not get the LTSP netboot image to work (running into issues with mounting the homes, or with missing binaries, all of which I am sorting out one after the other). But one major problem I found is that the new system of building the image from the main server's root filesystem is prone to building images that contain far too much – reaching from dhcpd to freeradius and other services that should not be in the image, to a full copy of the LDAP data directory, Kerberos database keys, the GOSa secret, and everything else that should by all means not be shipped to random netboot clients over the network. I installed a fresh Debian Edu 11 combined server in a test environment and can reproduce that issue, meaning that in my opinion, Debian Edu 11 **must not be used with LTSP in a production environment** without taking very much care to mitigate this issue. If I am not mistaken with all of this (please stop me if I am), I will file a security bug tonight. Cheers, Nik -- Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter) Teckids e.V. — Digitale Freiheit mit Jugend und Bildung https://www.teckids.org/
Attachment:
signature.asc
Description: PGP signature