[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

On Thu, Apr 19, 2001 at 04:03:14AM +0200, PiotR wrote:
> IMHO that exceeds our objetives and those of the debian developers. I think
> is not debian's objetive to enforce a well structurated internet, which is
> not. It's by far more important that our operating system doesn't act weirdly
> when it shouldn't. Not to mention givin unecesary headaches to netadmins. And
> denying network services, wich might be crucial.

An admin should know how to admin his server. If he doesn't, he should _learn_
how to before opening up his system. I support ALL:ALL in hosts.deny, possibly
with a debconf (or some other) mechanism to open up access from some networks.
The people who don't know how to secure their system shouldn't be forced to
learn how before they install debian.

> Let's think in usability
> first: I don't like my servers denying conexions to clients ( wich could keep
> my company from making money or giving service to customers ). Is that
> supposed exquisite-security-enhacement worth denying a lot of conexions, with
> the consequences that this might have?   

Yes, since the admin knows how to stop the machine from denying those

-> -/-                       - Rahul Jain -                       -\- <-
-> -\- http://linux.rice.edu/~rahul -=- mailto:rahul-jain@usa.net -/- <-
-> -/- "I never could get the hang of Thursdays." - HHGTTG by DNA -\- <-
   Version 11.423.999.220020101.23.50110101.042
   (c)1996-2000, All rights reserved. Disclaimer available upon request.

Reply to: