Re: [POSSIBLE GRAVE SECURITY HOLD]
On Wed, Feb 02, 2000 at 08:59:22PM +0100, Nils Jeppe wrote:
> On 2 Feb 2000, John Goerzen wrote:
> > And as numerous people, including myself, have pointed out, it already
> > exists and explains the situation in a sufficient manner.
> 2) Even if the majority agrees to keep mbr as a default installation,
> Where the hell is it gonna hurt anybody if you get a popup upon setting up
> mbr that says something to the effect of, "MBR makes it possible to boot
> from floppy; please check /usr/share/doc/mbr/whatever.txt for more
> information." ?!?
I don't think anyone's really arguing against this, it's more an arguement
that the feature shouldn't be removed because it can be abused in a rare
set of circumstances. And that wouldn't help - who really tries to read
all the messages at a full Debian installtion?
> This argument is getting really, really stupid. We should try to make a
> debian which is as secure as possible. Too much security won't ever hurt
> you; too little will come back to haunt you one day.
Nonsense. Too much security can get in the way of doing what you need
to do. If someone comes up to my computer, they can just take the hard
drive or sit down to a logged in console - why fight stuff everytime
you reboot for imaginary console security?
> "Sure, here's an insecure default. Why, you could've Read The Fucking
> Manual and fixed it. We don't care, it's your problem."
"You want an extreamly specialized setup, and you're demanding that
something only useful on that setup be default? Here's the Fucking
Manual - you can set up your systems that way if you like."
David Starner - email@example.com
If you wish to strive for peace of soul then believe;
if you wish to be a devotee of truth, then inquire.
-- Friedrich Nietzsche