[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

On Thu, Apr 19, 2001 at 03:16:52AM +0200, PiotR wrote:
> Seriously, i think you are missing the contact with reality in this
> issue.

actually, you are the one who is out of touch with reality.

> When you start compromising usability in favor of security, you are
> beening PARANOID.. And that is what is wrong in /etc/hosts.deny.

security is *always* a compromise of usability. it is an inherent
trade-off which can not be avoided.

a completely open system is very usable...no annoying barriers to
whatever action you want to perform, no wasting time with passwords or
getting file permissions right or any other obstacle. just go ahead and
do it.

the trouble is that anyone else is also able to just go ahead and do
whatever they want too. in order to prevent unauthorised people from
messing with your system you have to compromise some of your usability.

> Specially when we are talking about DEBIAN DEFAULTS!

if you don't like the default, then change it. 

debian provides a huge selection of text editors which will help you do

> Note that the majority of debian users don't have to be networking
> gurus by default.

true. that's exactly why we should provide secure defaults...so that
their lack of expertise does not ensure that their system will be hacked
within 5 minutes of it going live on the internet.


craig sanders <cas@taz.net.au>

      GnuPG Key: 1024D/CD5626F0 
Key fingerprint: 9674 7EE2 4AC6 F5EF 3C57  52C3 EC32 6810 CD56 26F0

Reply to: