Last modified: 2013-02-19 18:50:41 UTC
Some tools may need to use GUIs during deployment or configuration (in particular, qmon) While tunnelling can work around the lack of open X11 forwarding, doing so is less secure since it doesn't cleanly handle xauth. Security impact: Minimal; only affects users whose clients have a $DISPLAY set, and who turned on X11 forwarding.
Turns out there is an alternate method where only the instance needs to be configured to allow X11 forwarding, so the issue is moot.