Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

To: debian-devel@lists.debian.org
Subject: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
From: Adam McKenna <adam@debian.org>
Date: Wed, 18 Apr 2001 16:48:41 -0700
Message-id: <[🔎] 20010418164841.C12115@flounder.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20010418164315.S4217@osdlab.org>; from smurf@osdlab.org on Wed, Apr 18, 2001 at 04:43:15PM -0700
References: <[🔎] 20010418091902.O12115@flounder.net> <[🔎] Pine.LNX.4.30.0104182134190.13067-100000@tangramayne.pandemonium.de> <[🔎] 20010418135551.T12115@flounder.net> <[🔎] 20010418145534.V6381@plato.local.lan> <[🔎] 20010418182846.A13470@mercared.com> <[🔎] 20010418164315.S4217@osdlab.org>

On Wed, Apr 18, 2001 at 04:43:15PM -0700, Nathan Dabney wrote:
> It doesn't have to be a big security win.  It's still a win.  It provides the 
> additional security as opposed to shipping with the distro's pants down.

It's not a win.  It provides _nothing_ except confusion for newbie sysadmins.
If we're going to have a default, it might as well be something useful.

> It's not too aggressive.  Would you prefer we ship with ssh allowing root logins and a default of no password for root so users can us without having to 
> understand what they are doing?

There are many other, better ways to increase security than enabling paranoid
host checks by default.  And most of them are just as easy.

BTW, Implying that getting rid of these useless paranoid checks is tantamount 
to leaving a box open with no root password is just ridiculous.

--Adam

-- 
Adam McKenna  <adam@debian.org>  <adam@flounder.net>

Reply to:

Follow-Ups:
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Nathan Dabney <smurf@osdlab.org>

References:
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Adam McKenna <adam@debian.org>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Nils Jeppe <nils@pandemonium.de>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Adam McKenna <adam@debian.org>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Ethan Benson <erbenson@alaska.net>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: José Luis Rey <jrey@mercared.com>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Nathan Dabney <smurf@osdlab.org>

Prev by Date: Re: kernel-{image,headers} package bloat
Next by Date: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
Previous by thread: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
Next by thread: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
Index(es):
- Date
- Thread