Push is indeed better, but far from perfect. Instead of a single point of failure, push gives you as many points of failure and vulnerability to attack as there are systems, scripts, and admins capable of pushing out the configs.
Better yet is rendezvous, where admins must authenticate at the clients before providing authorization for a certain central server to push one or more config files for one time only. Certainly this can be done in a script, but it allows different clients to have different passwords if you want, or find that you need that.
Date: 2006-01-23 08:06 pm (UTC)
No avoiding the trade-off between ease and risk.
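A sketch of the rendezvous idea described in the comment above, added here as an illustration and not part of the original comment: the admin authenticates at the client, which issues a grant naming one central server and a set of config files, valid for a single push. The class name, method names, grant lifetime, and host names are hypothetical, and the server identity passed to `accept_push` is assumed to have been authenticated by the transport already.

```python
import hashlib
import hmac
import secrets
import time


class ClientAgent:
    """Hypothetical client-side agent that accepts pushes only under a one-time grant."""

    def __init__(self, admin_password: str):
        # Each client keeps its own salted password hash, so passwords can differ per client.
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._kdf(admin_password)
        self._grants = {}  # sha256(token) -> (server, allowed paths, expiry)

    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 200_000)

    def authorize(self, password: str, server: str, paths, ttl: float = 300.0) -> str:
        """Admin authenticates at the client and authorizes one push from `server`."""
        if not hmac.compare_digest(self._kdf(password), self._pw_hash):
            raise PermissionError("admin authentication failed")
        token = secrets.token_urlsafe(32)  # handed to the central server out of band
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._grants[digest] = (server, frozenset(paths), time.monotonic() + ttl)
        return token

    def accept_push(self, token: str, server: str, files: dict) -> bool:
        """Accept a push only if it matches an unused, unexpired grant."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        # pop() consumes the grant on first presentation, even if the push is rejected.
        grant = self._grants.pop(digest, None)
        if grant is None:
            return False
        granted_server, granted_paths, expiry = grant
        if server != granted_server or time.monotonic() > expiry:
            return False
        if not files or not set(files) <= granted_paths:
            return False  # push touches a file the admin did not authorize
        return True  # a real agent would write the files at this point


if __name__ == "__main__":
    agent = ClientAgent("per-client-password")  # constructed sample values
    t = agent.authorize("per-client-password", "cfg.example", ["/etc/ntp.conf"])
    print(agent.accept_push(t, "cfg.example", {"/etc/ntp.conf": b"server 10.0.0.1\n"}))
    print(agent.accept_push(t, "cfg.example", {"/etc/ntp.conf": b"server 10.0.0.1\n"}))
```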