[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


>>"Nils" == Nils Jeppe <nils@jeppe.de> writes:

 Nils> On 2 Feb 2000, John Goerzen wrote:
 >> And as numerous people, including myself, have pointed out, it already
 >> exists and explains the situation in a sufficient manner.

 Nils> Maybe; but two points

 Nils> 1) who the heck thinks of checking the MBR documentation? I'd never even
 Nils> suspect it behaves any different than os/2 mbr, win mbr, whatnot mbr.


 Nils> 2) Even if the majority agrees to keep mbr as a default installation, 
 Nils> Where the hell is it gonna hurt anybody if you get a popup upon setting up
 Nils> mbr that says something to the effect of, "MBR makes it possible to boot
 Nils> from floppy; please check /usr/share/doc/mbr/whatever.txt for more
 Nils> information." ?!?

        Cause we already have too many things popping up in a new
 install. And the fact that this is not critical information for 99&
 of the installations. And because the other 1% should really read the
 Securing Debian documentation.

 Nils> This argument is getting really, really stupid. We should try
 Nils> to make a debian which is as secure as possible.

        Ribbish. We should make Debian the most usefule for the most
 people. And that means not going overboard with wnything -- and that
 includes security. 

 Nils> Too much security won't ever hurt you; too little will come
 Nils> back to haunt you one day.

        You really have nevere worked in the seurity industry, have
 you? That little myth is the first one exploded: security always has
 its costs. And one should never pooh pooh the costs of security, or
 they shall come back and bite you. 

 Nils> And no, most people do not have time to read all 4000+ Debian
 Nils> packages' readmes to the last line. They expect reasonably
 Nils> secure defaults; defaults that will not screw up everything or
 Nils> at least give them a choice. Or a fair warning.

        The key word is reasonable. And reasonable security means that
 you have physical security to the machine.

 Nils> Yes the mbr problem doesn't affect most debian users, I
 Nils> presume. But what frightens me MUCH more is the attitude some
 Nils> are displaying here.

        You know, I am getting tired of amatuers trying to play
 security experts. Go ask a professional. Or grow up.

 Experience is a good teacher, but she sends in terrific bills. Minna
 Antrim, "Naked Truth and Veiled Allusions"
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: