On Fri, Aug 20, 1999 at 05:49:18PM -0700, David Bristel wrote:
> I believe you misunderstood my meaning here. What I suggested was that Debian
> as it currently exists should remain the way it is, but with a special "enduser"
> version that doesn't start with these things on. It is a focus issue in my
> opinion. Do we want to target the enduser the way Redhat has done, and
> sacrifice quality for ease of use to endusers? One of the things about Debian
> that appeals to me is that it is a "system administrator's Linux". While

No system administrator worth his salt wants every service turned on. It's usually a good idea to only turn on the services essential to a machine's operation--and very few machines need to be web servers, pop servers, udp echo servers, XDMCP servers, NFS servers, etc. How does it sacrifice quality to limit the number of ways into a system?

For that matter, I've heard complaints that it takes more effort than it should to turn everything off on a Debian system (in order to make it secure for paranoid sysadmins.)

It's astounding how many crack attempts come from machines whose web pages welcome you to RedHat Linux 4.2. They're little machines stuck in a corner somewhere who have gotten their mountd or imapd exploited and are now being used as a jump-off point into other systems. IME, the admins of these boxes don't even know they've been compromised until the phone calls start coming.

That's not meant as a criticism of redhat in particular--we ship too many default services, as well--but they've got the numbers to make the problem more noticeable.

Mike Stone