Naming and Security

Came across an interesting configuration file pattern today:

conf:
  nova:
    keystone:
      insecure: true
    neutron:
      insecure: true
    glance:
      insecure: true
    cinder:
      insecure: true
    barbican:
      verify_ssl: false

The interesting thing is that four subprojects chose the key “insecure”, while the barbican subproject chose the more accurate key “verify_ssl”. The flag does exactly what the barbican name says: the client still connects over TLS, so the traffic is still encrypted, but validation of the server’s certificate (including the hostname check) is skipped. The other four names wrongly imply that all security is lost, which is not the case; they still use encrypted communications. “insecure” would only be the right name if the option switched between “http:” and “https:” connections. None of these options do that – when verification is turned off, the only difference is that the server’s certificate is not validated.

That said, “still secure” overstates it. An unverified certificate means the client cannot tell the real service from an active man-in-the-middle presenting its own certificate, so the connection is private against a passive observer but not authenticated. The name is misleading, but the setting is still one to avoid outside of test environments.
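To make the distinction concrete, here is an added example (not code from the post or from any OpenStack project) that normalises the two spellings into the single question they both answer, then builds the TLS context a client would actually use under each setting. The configuration dict is a transcription of the fragment above, with string forms added because the same options arrive as text in oslo.config .conf files; the function names are mine.

```python
import ssl

# Constructed input: the values fragment from the post, as a dict.
# True/False stand for the YAML booleans; "true"/"false" strings are
# included because oslo.config delivers the same options as text.
CONF = {
    "keystone": {"insecure": True},
    "neutron": {"insecure": True},
    "glance": {"insecure": "true"},
    "cinder": {"insecure": "false"},
    "barbican": {"verify_ssl": False},
}

_TRUE = {"1", "true", "yes", "on"}


def _as_bool(value):
    """Accept YAML booleans as well as oslo.config-style strings."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in _TRUE


def wants_verification(service_conf):
    """Reduce both spellings to one question: verify the server certificate?

    'insecure: true' and 'verify_ssl: false' mean the same thing.
    When neither key is present, verification stays on (the safe default).
    """
    if "verify_ssl" in service_conf:
        return _as_bool(service_conf["verify_ssl"])
    if "insecure" in service_conf:
        return not _as_bool(service_conf["insecure"])
    return True


def tls_context(verify):
    """Build the SSLContext a client would use for the connection.

    Either way the connection is TLS: the server still presents a
    certificate and the traffic is still encrypted. With verify=False the
    certificate is never checked against a CA store or the hostname, so a
    man-in-the-middle presenting its own certificate is accepted silently.
    """
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False  # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit(conf):
    """Per service: which key was used, and what the resulting context does."""
    report = {}
    for service, service_conf in conf.items():
        ctx = tls_context(wants_verification(service_conf))
        report[service] = {
            "key": "verify_ssl" if "verify_ssl" in service_conf else "insecure",
            "verifies_cert": ctx.verify_mode == ssl.CERT_REQUIRED,
            "checks_hostname": ctx.check_hostname,
        }
    return report


if __name__ == "__main__":
    for service, row in audit(CONF).items():
        print(f"{service:9s} {row}")
```

Running it shows that keystone, neutron, glance and barbican all end up with the same context (no CA check, no hostname check) regardless of which key spelled it, while cinder, whose value is the string "false", keeps full verification. Nothing in either path changes the URL scheme; the only thing the flag touches is verify_mode and check_hostname.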

The fun thing to consider here is the various cultures that exist in projects, teams and countries. If OpenStack operated as a “Cancel Culture”, “verify_ssl” would be cancelled for showing the courage to be (a) different and (b) correct, because “Cancel Culture” emphasizes agreement over accuracy, consensus over truth, perception over reality.

This entry was posted in Software Engineering.