
Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default



On Thu, Apr 19, 2001 at 03:16:52AM +0200, PiotR wrote:
> On Wed, Apr 18, 2001 at 11:45:13PM +0200, Nils Jeppe wrote:
> > On Wed, 18 Apr 2001, Nathan Dabney wrote:
> > 
> > > The user should only have to learn the security implications of a service or
> > > option if they intend to turn it on.  The install itself should assume the
> > > user doesn't know about the option and would prefer to be protected.
> 
> Yeah! It will be a good idea to make Debian users worldwide program their own 
> daemons in assembler code, to ensure they understand how they work.

I fail to see a connection.

> Seriously, I think you are missing the contact with reality in this issue. When you start compromising usability in favor of security, you are being PARANOID. And that is what is wrong in /etc/hosts.deny. Especially when we are talking about DEBIAN DEFAULTS!

No, it's not wrong.

This is very simple.

You are assuming that Debian default has to hard line a config that assumes 
people want other people to connect to their box.  It mandates a level of 
security knowledge that cuts Debian out of the option list for many people
who just want an easy to use operating system for word processing.

The way to solve this is not to force what you want on everyone, it's to allow
them to choose.  Security by default "needs" to be an install option if not
the standard method.

> Note that the majority of Debian users don't have to be networking gurus by default.

I understand that you are not asking them to be gurus, you are mandating they
have a level of networking and security knowledge that will cut out many
large market shares for Debian.

Get it right, not everyone has the same knowledge and experience as people on
this list, while we may understand the implications of ALL: PARANOID, there are
people out there who would use Debian only if they could trust it to install
securely.

Security by default is a feature, not a crutch.  

Nathan Dabney
Senior System Administrator
Open Source Development Lab

-=- Debian: 2.2.19 - Total of 8 processors activated (11190.27 BogoMIPS) -=-


