[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: crypto support in potato

In tom.lists.debian-devel, you wrote:
> Isn't this bass-ackwards?  Youre using the network to get packages to make
> your system secure? 

I'm not sure if it is. How would using a virgin system to install a
ssh package over the network make it any less secure than installing
the same package off of a cdrom?

A system, in theory, starts off with perfect network security but
little functionality. (ie, no ports open.) We add packages to it to
trade off a little security for functionality. It's probably better to
encourage users to get packages with a higher degree of security. (For
example, ssh and telnet provide to a first approximation the same
service, but ssh is more secure.)

Tom Rothamel --------- http://onegeek.org/~tom/ ---------- Using GNU/Linux
	"Students who successfully accomplish this task will be given 
	 extra credit (and a complete psychiatric examination)."
		- Andrew S. Tannenbaum, _Structured Computer Organization_

Reply to: