[ARVADOS] updated: 2.1.0-1489-gc8d252f51

Git user git at public.arvados.org
Mon Oct 18 13:30:10 UTC 2021 

Summary of changes:
 lib/config/config.default.yml  | 11 ++++-------
 lib/config/generated_config.go | 11 ++++-------
 2 files changed, 8 insertions(+), 14 deletions(-)

       via  c8d252f51c23484484e4aa023fcd1f86ee961eab (commit)
      from  bda9093be4d24d45a6fff29148fbb5438e283897 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit c8d252f51c23484484e4aa023fcd1f86ee961eab
Author: Tom Clegg <tom at curii.com>
Date:   Mon Oct 18 09:25:04 2021 -0400

    16347: Remove config comment made obsolete by logging option.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>

diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index 106ecdfac..67286edfe 100644
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -920,13 +920,10 @@ Clusters:
       #
       # A zero value disables this feature.
       #
-      # This feature has security implications. (1) Container logs
-      # will include keepstore log files, which typically reveal some
-      # volume configuration details, error messages from the cloud
-      # storage provider, etc., which are not otherwise visible to
-      # users. (2) The entire cluster configuration file, including
-      # the system root token, is copied to the worker node and held
-      # in memory for the duration of the container.
+      # Note that when this feature is enabled, the entire cluster
+      # configuration file, including the system root token, is copied
+      # to the worker node and held in memory for the duration of the
+      # container.
       LocalKeepBlobBuffersPerVCPU: 0
 
       # When running a dedicated keepstore process for a container
diff --git a/lib/config/generated_config.go b/lib/config/generated_config.go
index 4207e6e4d..d2a68f29f 100644
--- a/lib/config/generated_config.go
+++ b/lib/config/generated_config.go
@@ -926,13 +926,10 @@ Clusters:
       #
       # A zero value disables this feature.
       #
-      # This feature has security implications. (1) Container logs
-      # will include keepstore log files, which typically reveal some
-      # volume configuration details, error messages from the cloud
-      # storage provider, etc., which are not otherwise visible to
-      # users. (2) The entire cluster configuration file, including
-      # the system root token, is copied to the worker node and held
-      # in memory for the duration of the container.
+      # Note that when this feature is enabled, the entire cluster
+      # configuration file, including the system root token, is copied
+      # to the worker node and held in memory for the duration of the
+      # container.
       LocalKeepBlobBuffersPerVCPU: 0
 
       # When running a dedicated keepstore process for a container

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list