Hello Chase! I hope all is well with you and yours. I have a couple of
questions about networking which you may or may not have opinions or
thoughts about :)
We've been butting our heads against the inability of VMs in the -dev
cloud to talk to outside networks. When Jason and Arturo looked at ways
to open that up, they ran into several code comments from you expressing
unspecific worries about security concerns with allowing that traffic.
Do you remember what those concerns were? If it was just a matter of
'we don't need this anyway' then we might go ahead and allow that
traffic, but I want to make sure we aren't overlooking some grave danger.
Related to that -- it's clear that in the past there was an apt proxy
running someplace to allow labtest VMs to connect to apt repos. Do you
remember how that proxy was set up? I think it must not have been
puppetized because I can't find any traces of it in the git history for
the box it was surely running on. (Obviously this is moot if we open up
just FYI I saw a news email flying by some Debian Developers communicating that
the intention is to don't support Python2 *at all* in Debian 11 Bullseye (which
I know we still have Jessie, Stretch and Buster, but worth noting!
More info: https://wiki.debian.org/Python/2Removal
Arturo Borrero Gonzalez
SRE / Wikimedia Cloud Services