Re: making Debian secure by default

[DdB <debianlist@potentially-spam.de-bruyn.de>]

Am 27.03.2024 um 22:30 schrieb Lee:
> oof.  Are there instructions somewhere on how to make Debian secure by default?

To be honest: I did not read this thread, as my spidey senses got
tingling. IMHO Even the idea/concept, that such a thing would be
possible, is broken.

Sounds like: Get me a car, that never kills anybody, no matter how
stupid the driver is... (impossible).

But to slow it down a bit:
As a former software engeneer, i learned quite a few things, among the
important ones were the lessons around "Cleanliness" (donno, if this
word even exists).

>From time to time, even experienced devs come across a choice:
Either, they work on very clean contracts between software parts, which
in an ideal world lead to good interfaces, but this makes some difficult
tasks impossible, as it may be impossible to agree upon such a contract
with everyone involved (or the whole world).
Or, they lean more towards what is feasible, preferring tricking or
evading from contracts, like what most hackers do.
My own recipe in such cases, was to feel my inner work ethic and to
trust it more than anything. But i do understand, that such a solution
is bound to be changing and thus is not really a good solution in general.

But that leaves us with:
There is no way, a secure system will ever come to be. We need to take
responsability for what we are doing, as even a hammer can be used to
kill. Sorry, that means we have to use our brains, learn from mistakes
and do the best we can without falling asleep.

Just my 2 cents
DdB