Hello Chase! I hope all is well with you and yours. I have a couple of
questions about networking which you may or may not have opinions or
thoughts about :)
We've been butting our heads against the inability of VMs in the -dev
cloud to talk to outside networks. When Jason and Arturo looked at ways
to open that up, they ran into several code comments from you expressing
unspecific worries about security concerns with allowing that traffic.
Do you remember what those concerns were? If it was just a matter of
'we don't need this anyway' then we might go ahead and allow that
traffic, but I want to make sure we aren't overlooking some grave danger.
Related to that -- it's clear that in the past there was an apt proxy
running someplace to allow labtest VMs to connect to apt repos. Do you
remember how that proxy was set up? I think it must not have been
puppetized because I can't find any traces of it in the git history for
the box it was surely running on. (Obviously this is moot if we open up
the routing.)
Thanks!
-A