Re: [POSSIBLE GRAVE SECURITY HOLD]
- To: John Goerzen <firstname.lastname@example.org>
- Cc: Pierre Beyssac <email@example.com>, Samuel Tardieu <firstname.lastname@example.org>, Adam Di Carlo <email@example.com>, "Huneycutt, Doug" <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
- Subject: Re: [POSSIBLE GRAVE SECURITY HOLD]
- From: Thomas Quinot <email@example.com>
- Date: Thu, 3 Feb 2000 00:47:46 +0100
- Message-id: <20000203004746.B2812@lantier.enst.fr>
- Reply-to: firstname.lastname@example.org
- In-reply-to: <email@example.com>; from firstname.lastname@example.org on Wed, Feb 02, 2000 at 12:04:16PM -0600
- References: <email@example.com> <firstname.lastname@example.org> <20000202175255.E50448@enst.fr> <email@example.com> <20000202181855.H50448@enst.fr> <firstname.lastname@example.org> <20000202184944.K50448@enst.fr> <email@example.com>
Le 2000-02-02, John Goerzen écrivait :
> The purpose of this MBR is the same as that of any MBR.
No, John, this is untrue. No other MBR allows booting from a floppy disk.
> Which would mean that anybody without an MBR already on their system
> would not get a bootable machine. Bad idea.
Spreading misinformation only makes you less credible. As was
mentioned extensively on this list and elsewhere, using
Debian's alternative MBR ius perfectly optional. LILO's first stage
loader can also be used in place of a traditional MBR.
> There is no bug. The moment you start holding Debian responsible for
> administrators that do dumb thiings or refuse to read the
> documentation is the moment that common sense begins to evade your
> argument. Alas, I fear that moment is already at hand.
Common sense commands people to read documentation that exists
and to ignore documentation that does not exist.
> I suggest that a far more reasonable solution, than installing no MBR,
> is to add a mention of the MBR to the Security-HOWTO, which already
> mentions things like padlocks and LILO.
What is the use of installing an MBR? Just because we have one is
no sufficient reason at all.
Thomas Quinot ** Département Informatique & Réseaux ** firstname.lastname@example.org
ENST // 46 rue Barrault // 75634 PARIS CEDEX 13