
Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default



On Wed, Apr 18, 2001 at 04:57:50PM -0700, Nathan Dabney wrote:
> I am sorry, I didn't mean to compare them in seriousness, I was thinking more 
> along the lines of "having it secure by default is better than installing
> a hackable system on purpose."

Yes, but that's assuming that PARANOID makes things more secure.  PARANOID
can only be as secure as the DNS records it relies on, which is why it should
be eliminated.

> I am a firm believer in the idea that we should aim for secure by default when
> making decisions like this.  Do you agree?  
> 
> For those of you who do not like PARANOID, what would you suggest without
> reducing the protection?  Does ALL: ALL with some commentary explaining where
> the user can go for more information sound good?

No.  We should ask the user during installation what networks he wants to
allow access from, and force him to enter IP addresses/CIDR blocks.

--Adam

-- 
Adam McKenna  <adam@debian.org>  <adam@flounder.net>
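
Added example, not part of the original message and not code from Debian or tcp_wrappers: a sketch of the installer step proposed above, which accepts only IPv4 addresses or CIDR blocks (never hostnames, so nothing depends on DNS) and turns them into a hosts.allow line in the net/mask form described in hosts_access(5). The function names, the refusal of 0.0.0.0/0, the IPv4-only scope, and the presence of a catch-all entry in /etc/hosts.deny are assumptions.

```python
import ipaddress


def parse_network(entry):
    """Return an IPv4Network for an address or CIDR block, else raise ValueError."""
    entry = entry.strip()
    try:
        # strict=True refuses blocks with host bits set, e.g. 192.0.2.5/24,
        # so a typo cannot silently widen or shift the allowed range.
        net = ipaddress.IPv4Network(entry, strict=True)
    except ValueError:
        # Hostnames, empty input and malformed addresses all end up here.
        raise ValueError(f"not an IPv4 address or CIDR block: {entry!r}")
    if net.prefixlen == 0:
        # Assumed policy: the user must name real networks, not "everything".
        raise ValueError("0.0.0.0/0 allows every host; enter specific networks")
    return net


def hosts_allow_pattern(net):
    """Format a network as a tcp_wrappers client pattern (address or net/mask)."""
    if net.prefixlen == 32:
        return str(net.network_address)
    return f"{net.network_address}/{net.netmask}"


def hosts_allow_line(entries, daemons="ALL"):
    """Build one hosts.allow rule from user-entered addresses and CIDR blocks."""
    nets = [parse_network(e) for e in entries]
    if not nets:
        raise ValueError("at least one network is required")
    # Merge overlapping or adjacent entries so the rule stays short and readable.
    merged = ipaddress.collapse_addresses(nets)
    return f"{daemons}: " + " ".join(hosts_allow_pattern(n) for n in merged)


if __name__ == "__main__":
    # Constructed sample input, as a user might type it during installation.
    print(hosts_allow_line(["192.168.1.0/24", "192.168.1.10", "10.0.0.0/8"]))
```
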


