1.2. Security Considerations

Important

LOCKSS 2.0-alpha3 is a technology preview, not yet suitable for production environments.

Although the LOCKSS software itself and especially the LOCKSS peer-to-peer protocol remain as secure as ever, the operating environment for alpha versions of LOCKSS 2.0 is still being hardened. Please read about the security considerations below that are relevant as of LOCKSS 2.0-alpha3.

1.2.1. Networking

LOCKSS 2.0-alpha3 is the first version of the LAAWS (LOCKSS Architected As Web Services) initiative deployed in a Kubernetes environment. The Kubernetes networking model is sophisticated and requires complex interactions with the host operating system’s network and firewall stacks. LOCKSS 2.0-alpha3, for the purposes of demonstrating basic functionality, requires disabling any of the user-friendly wrappers around iptables, such as firewalld or ufw, which can interfere with Kubernetes’ iptables manipulations. Better integration with these firewall wrappers will arrive in LOCKSS 2.0-alpha4.

1.2.2. System Privileges

Likewise, to demonstrate basic functionality, LOCKSS 2.0-alpha3 runs as a dedicated lockss system user with sudo privileges. This requirement will be relaxed in future versions as we integrate better with the underlying operating system.