Re: [POSSIBLE GRAVE SECURITY HOLD]
>>"Nils" == Nils Jeppe <nils@jeppe.de> writes:
Nils> On 2 Feb 2000, John Goerzen wrote:
>> And as numerous people, including myself, have pointed out, it already
>> exists and explains the situation in a sufficient manner.
Nils> Maybe; but two points
Nils> 1) who the heck thinks of checking the MBR documentation? I'd never even
Nils> suspect it behaves any different than os/2 mbr, win mbr, whatnot mbr.
Ok.
Nils> 2) Even if the majority agrees to keep mbr as a default installation,
Nils> Where the hell is it gonna hurt anybody if you get a popup upon setting up
Nils> mbr that says something to the effect of, "MBR makes it possible to boot
Nils> from floppy; please check /usr/share/doc/mbr/whatever.txt for more
Nils> information." ?!?
Cause we already have too many things popping up in a new
install. And the fact that this is not critical information for 99&
of the installations. And because the other 1% should really read the
Securing Debian documentation.
Nils> This argument is getting really, really stupid. We should try
Nils> to make a debian which is as secure as possible.
Ribbish. We should make Debian the most usefule for the most
people. And that means not going overboard with wnything -- and that
includes security.
Nils> Too much security won't ever hurt you; too little will come
Nils> back to haunt you one day.
You really have nevere worked in the seurity industry, have
you? That little myth is the first one exploded: security always has
its costs. And one should never pooh pooh the costs of security, or
they shall come back and bite you.
Nils> And no, most people do not have time to read all 4000+ Debian
Nils> packages' readmes to the last line. They expect reasonably
Nils> secure defaults; defaults that will not screw up everything or
Nils> at least give them a choice. Or a fair warning.
The key word is reasonable. And reasonable security means that
you have physical security to the machine.
Nils> Yes the mbr problem doesn't affect most debian users, I
Nils> presume. But what frightens me MUCH more is the attitude some
Nils> are displaying here.
You know, I am getting tired of amatuers trying to play
security experts. Go ask a professional. Or grow up.
manoj
--
Experience is a good teacher, but she sends in terrific bills. Minna
Antrim, "Naked Truth and Veiled Allusions"
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: