← Back to context

Comment by traceroute66

2 days ago

> it can still be enabled?

Yes, just like >= 1.86, you set a flag during install.

But that's not the point.

The point is that >= 1.90.2 it became enabled by default.

The point is that most people would expect that "by default" to be a permanent fixture, i.e. a sane secure-by-default config.

This means that people with automated deployments based on >= 1.90.2 can no longer rely on the "by default" and this now needs to be flagged.

1 comment

traceroute66

Reply
esseph  2 days ago

If your threat profile has you worried about tailscale + tpm, you probably shouldn't be running talescale unless you're also running headscale...

Just a thought.