
Re: Packages should not Conflict on the basis of duplicate functionality

On Thu, Sep 30, 1999 at 08:05:32AM +1000, Craig Sanders wrote:
> sorry, it's you who needs to wake up to the real world.
> if people don't know how to administer a unix machine then they need
> to learn fast. 

Not true. Maintaining a unix-like machine for desktop or personal use
requires a different skill set than a machine used as a server. People
using linux as a windows replacement or because they want to see what
linux is *don't need* a bunch of services enabled *by default*. And if
there is no way to access the machine remotely then there's no harm in
having a non-guru administer the machine. (It can be a security
nightmare, but if no one can get in, it doesn't matter.)

> no amount of molly-coddling by the distribution authors
> (i.e. us) is going to obviate that essential requirement. maintaining
> security on your own systems requires personal knowledge and experience,
> it can not be done by proxy.

Agreed, for machines that need public services. But I'm talking about
defaults. Can you come up with a reason we *need* a bunch of stuff
enabled by default?

> the "we-know-better-than-you" attitude is what redhat and caldera (and
> microsoft, for that matter) do. it sucks. debian has always done
> better than that 

This is empty "we're better than them" propaganda. Debian already makes
choices in what services are installed and enabled by default. It does
not follow that changing the *existing* list of services we enable by
default implies a "we-know-better-than-you" attitude. (OTOH, saying "if
you want to disable the service, remove the package--there's no reason
to do anything else" does seem to imply such an attitude.)

> > When we ship a system with a bunch of stuff enabled by default,
> > we're not only putting their machine at risk but we're also creating
> > problems for everyone else whose system is attacked by someone using
> > the debian machine as a jump-off point. That's bad.
> that's bad. it's also bullshit. enabling daemons by default is not
> inherently a security problem.

A system with daemons disabled will always have a better guarantee of
security than one with daemons enabled. In the not-so-distant past we've
shipped systems with a vulnerable telnetd and a vulnerable ftpd enabled
*by default.* If they'd been off instead of on they wouldn't have been a
security problem for the many people who never used them.

> see previous message. if a particular daemon is a problem then it needs
> to be fixed or replaced or dropped from the distribution. changing the
> default so that it is only enabled manually will NOT increase security
> at all.

See above.

> > It's really time to get away from the mentality that everyone needs to
> > have everything turned on all of the time; if a person really *needs*
> > something enabled, they can figure out how to do it. (If they can't,
> > should they really be administering a network node?)
> if they don't need it then they shouldn't install the package.

It's a default. Not everyone reads everything about every
package--that's just the way things are, and we need to work with that
in mind rather than building this wall of fantasy that we can do
dangerous things as long as we bury a disclaimer in the docs. *That's*
the commercial vendor's mentality you lamented previously.

> why run debian (with all its useful tools like update-inetd and
> update-rc.d and so on) if you're going to throw away those advantages?

Why does changing default behavior throw away advantages? What prevents
you from using those tools if you want them? 

> it's damned annoying to see people trying to force their personal
> preferences on everyone else by making loud noises about trumped up
> nebulous and vague "security" issues. it would be nicer if such FUD were
> left behind in the proprietary software world.

What reasoning are you providing other than personal preference? Do you
have any critique other than a misguided "that's what they do in the big
bad proprietary software world?" (FYI, enabling everything by default is
exactly what they do in the proprietary world because they don't have
the courage to change things. Some vendors still have passwordless
accounts because they're afraid to change things. I expect better from
free software--"we've always done it this way" is not adequate defense.)

Mike Stone
