Re: [POSSIBLE GRAVE SECURITY HOLD]
On Wed, Feb 02, 2000 at 11:38:12AM +0100, Samuel Tardieu wrote:
> Given that some of us (maybe all, this is not a flame, just a disagrement)
> do believe that this is an unacceptable security issue for Debian, I would
> like to get developers opinion on this.
I do agree that it is a security hole but I also do believe that it should
not be fixed by default. After all when I install the machine from floppy
and something goes wrong this might become a needed option. But it should be
well documented. I think this should be treated similar to the lilo password
setting. It is not enabled per default but documented so everyone who needs
to secure lilo knows how to do it.
Michael Meskes | Go SF 49ers!
Th.-Heuss-Str. 61, D-41812 Erkelenz | Go Rhein Fire!
Tel.: (+49) 2431/72651 | Use Debian GNU/Linux!
Email: Michael@Fam-Meskes.De | Use PostgreSQL!