Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
On Wed, Apr 18, 2001 at 04:57:50PM -0700, Nathan Dabney wrote:
> On Wed, Apr 18, 2001 at 04:48:41PM -0700, Adam McKenna wrote:
> > On Wed, Apr 18, 2001 at 04:43:15PM -0700, Nathan Dabney wrote:
> > > It doesn't have to be a big security win. It's still a win. It provides the
> > > additional security as opposed to shipping with the distro's pants down.
> > It's not a win. It provides _nothing_ except confusion for newbie sysadmins.
> > If we're going to have a default, it might as well be something useful.
> I disagree, it's a small win. The reasons for which have already been covered
> in this thread. Just because the things it helps provide are not important to
> you doesn't mean nobody would like them.
> > > It's not too aggressive. Would you prefer we ship with ssh allowing root logins and a default of no password for root so users can us without having to
> > > understand what they are doing?
> > There are many other, better ways to increase security than enabling paranoid
> > host checks by default. And most of them are just as easy.
> Other yes, should we ignore this one, now.
> I would prefer ALL: ALL in hosts.deny as a default.
I think this violates the possible "Debian default:worlwide acces" that I have previously mentioned.
Pedro Larroy Tovar. PiotR | http://omega.resa.es/piotr/