[ros-users] [Discourse.ros.org] [Next Generation ROS] ROS2 Security: CLI tools
Geoffrey Biggs
ros.discourse at gmail.com
Tue Oct 30 07:28:24 UTC 2018
[quote="aalon, post:1, topic:6647"]
Overall this is a good approach, but it relies on environment variables which could be error-prone and introduces the minor inconvenience of having to invoke the CLI tool in a different manner.
[/quote]
If the ros2cli tool supplies the environment variable itself when it runs, then that removes the error-prone aspect and the inconvenience for the user. The user wouldn't even need to know it was happening.
[quote="aalon, post:1, topic:6647"]
>From the users perspective, usage would stay exactly the same. Since CLI nodes would start with the same prefix, say _ros2cli_node, you could simply setup security for all CLI nodes by using that prefix,
[/quote]
I got the impression from another post of @ruffsl's that any kind of wildcard matching when doing security policies was a Bad Idea[tm].
[quote="aalon, post:1, topic:6647"]
This obviously complicates the setup, but regardless - *Whats the use case for that discrepancy between the CLI nodes? Is that a discrepancy wed want to keep?* in ROS1, CLI nodes are all visible as far as I know. Considering that this functionality is at the CLI layer and can be easily ignored with --all, I wonder whether that discrepancy is something worth keeping.
[/quote]
This sounds to me more like an oversight in the ros2cli tools implementation than an intentional design choice.
---
[Visit Topic](https://discourse.ros.org/t/ros2-security-cli-tools/6647/2) or reply to this email to respond.
More information about the ros-users
mailing list