[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default


Quoting PiotR (piotr@omega.resa.es):
> Seriously, i think you are missing the contact with reality in this issue. 
> When you start compromising usability in favor of security, you are beening 
> PARANOID.. And that is what is wrong in /etc/hosts.deny. Specially  when we 
> are talking about DEBIAN DEFAULTS!
what's 'beening' ?
We're not sacrificing usability in favor of security, we're sacrificing
usability-for-some for security-for-lots. Apart from that we're doing The
Right Thing by assuming an 'honest' host has a correct dns entry, like all
hosts should have.
Removing it would mean more usability for you, less for me. I wonder if
they're more people with broken DNS entries than those with working ones...

> Note that the majority of debian users don't have to be networking gurus by 
> default.
I would like to know how knowing what 'ALL: PARANOID' means makes you a
networking guru ;)


			      Linux Generation
   encrypted mail preferred. finger rvdm@debian.org for my GnuPG/PGP key.
       By default, there is only one account (root) with no password, 
		as with most UNIX systems. -- the Darwin FAQ 

Reply to: