[quote="aalon, post:1, topic:6647"]
Overall this is a good approach, but it relies on environment variables which could be error-prone and introduces the minor inconvenience of having to invoke the CLI tool in a different manner.
[/quote]
If the ros2cli tool supplies the environment variable itself when it runs, then that removes the error-prone aspect and the inconvenience for the user. The user wouldn't even need to know it was happening.
[quote="aalon, post:1, topic:6647"]
>From the users perspective, usage would stay exactly the same. Since CLI nodes would start with the same prefix, say _ros2cli_node, you could simply setup security for all CLI nodes by using that prefix,
[/quote]
I got the impression from another post of @ruffsl's that any kind of wildcard matching when doing security policies was a Bad Idea[tm].
[quote="aalon, post:1, topic:6647"]
This obviously complicates the setup, but regardless - *Whats the use case for that discrepancy between the CLI nodes? Is that a discrepancy wed want to keep?* in ROS1, CLI nodes are all visible as far as I know. Considering that this functionality is at the CLI layer and can be easily ignored with --all, I wonder whether that discrepancy is something worth keeping.
[/quote]
This sounds to me more like an oversight in the ros2cli tools implementation than an intentional design choice.
---
[Visit Topic](
https://discourse.ros.org/t/ros2-security-cli-tools/6647/2) or reply to this email to respond.
If you do not want to receive messages from ros-users please use the unsubscribe link below. If you use the one above, you will stop all of ros-users from receiving updates.
______________________________________________________________________________
ros-users mailing list
ros-users@lists.ros.org
http://lists.ros.org/mailman/listinfo/ros-users
Unsubscribe: <
http://lists.ros.org/mailman//options/ros-users>