Re: [POSSIBLE GRAVE SECURITY HOLD]
Pierre Beyssac <firstname.lastname@example.org> writes:
> > No, it's irrelevant. It is not MBR that is making things insecure.
> > It's YOU (or the relevant admin).
> Note that you can even extend your argument by saying that serious
You can if you want, but that's incorrect.
> admins run only programs for which they have read, understood and
> possibly corrected the source code. Reading the doc is not enough:
> some features can be undocumented, poorly documented or wrongly
I suggest that any good admin will understand the workings of the
software on his machine, and we cannot be responsible of the admin is
negligent in this regard.
> So, trying to fix security bugs in a default installation is totally
> pointless if I understand you right, since the competent admin will
> fix that because he knows Everything.
The competant admin reads documentation. He is no superhuman
creature, but has common sense. If you think I am trying to say that
the competant admin knows everything, you are misunderstanding what I
> So Debian is a distribution geared for people who know Everything
> and have the time to read and understand all the sources. See, I'm
> beginning to understand how you see things.
Any distribution -- of any OS -- is geared for people that read the
information and documentation presented them.
> > However I think it is a very poor argument to remove something because
> > it has features that an inexperienced admin could misuse.
> The point is about removing uselessly duplicate features. Who uses
> the floppy boot feature of this MBR? Nobody. Who can be fucked by
> this feature? A lot of people.
Granted, the scenario for needing MBR to boot from a floppy does not
occur with significant frequency.
> > Virtually everything in the distro is like that.
> Yes, that's called creeping featurism. This is generalized on toy
> operating systems. And this particular case is an obvious case of
> needless duplicate features. Since this makes the source code grow,
No, it doesn't, as the MBR has had a fixed size limit ever since
MS-DOS 2.0 in the early 1980s.
This whole tangent, BTW, is wholly irrelevant to the topic at hand.
John Goerzen Linux, Unix consulting & programming email@example.com |
Developer, Debian GNU/Linux (Free powerful OS upgrade) www.debian.org |
The 494,522nd digit of pi is 0.