[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: woody release task needs help: package priorities

Tollef Fog Heen wrote:
> * Michael Stone
> | On Sat, May 12, 2001 at 01:08:17PM +0200, Tollef Fog Heen wrote:
> | > | >   talk          rather obsolete, but debatable
> | > | >   talkd         not very secure for baseline
> | >
> | > I want those.  They are very useful, and afaik, there are no security
> | > problems with talkd.
> |
> | This is about you, it's about the general case; you can install them
> | yourself with no problem. *Any* open port presents an additional
> | risk--what value outweighs that risk in this case, for the general user?

What about closing all the ports by default? The user can open them by
himself if he wants to anyway. Security fans would really be happy then.

Sure, but the system would be like the 'secure' system of bilkent that
has all ports firewalled except http and pop3.

I sometimes have the feeling that too much security is breaking many
convenient features. It would be wrong to put in a program with known
vulnerabilities, but except that I don't see why you would want to
remove useful small programs.


Eray Ozkural (exa)
Comp. Sci. Dept., Bilkent University, Ankara
e-mail: erayo@cs.bilkent.edu.tr
www: http://www.cs.bilkent.edu.tr/~erayo

Reply to: