Bug#81118: base: Wishlist: High security base system (or separate add-on package)
Joey Hess schrieb:
> If it is a daemon that binds to a port, and it doesn't have "secure" in its
> name or "encryption" in its description, it's gotta be insecure.
Debians minimal system (what's called 'standard') is to fat.
Regardless of how secure it is, many boxes just don't need the
portmapper or a telnet _daemon_ (I don't mind about the client,
I prefer netcat though). The minimal system should really be
minimal, let dependencies do the rest.
> BTW there are secure uses of telnet. telnet to 'kitenet.net' and log in
> as 'beer' (no password) for one of them.
$ telnet bofh.jive.org 666|grep "Your excuse is:"
"I'm not going to ride on a magic carpet! I'm afraid of grounds!"
"You mean heights, and stop being silly!"
"I know what I mean! It's the grounds that kill you!"
--Terry Pratchet, "Sourcery"