On Sun, Feb 15, 2004 at 11:52:23AM +0100, Javier Fern?ndez-Sanguino Pe?a wrote: > On Sat, Feb 14, 2004 at 08:37:36PM +0000, Andrew Suffield wrote: > > > Ok, let me see, in woody: > > > > > > 1) exim listens to all remote ports, is installed as the default MTA and > > > run by inetd > > > > Can't remember any remote root holes in exim. > [...] > > You seem to have missed my point, I did not said that our default install > was less "secure" than OpenBSD's but more bloated. In fact, you have not > demonstrated that this is not the case. Because it wasn't the subject under discussion. You need to look up "bloat" in a dictionary though, it doesn't mean "big". > Still, from what I said, OpenBSD ships with those default "silly" inetd > services + OpenSSH which is less risky than our default inetd+some RPC > services+mail server+OpenSSH+printer server in woody. Leaving remote buffer > overflows aside this means there is a potential for these services to be > left unconfigured/misconfigured either because of the user or a package > bug. Consider the case of having a default install which leaves an open > relay mail server because there was some error in the package that nobody > noticed. (logical disconnect) > That is less likely to happen in OpenBSD. That doesn't follow. Everybody is just going to install one anyway. What matters is the default configuration. "Installing it yourself makes it more secure" *is* the OpenBSD fallacy. -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -><- |
Attachment:
signature.asc
Description: Digital signature