
Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default



On Thu, Apr 19, 2001 at 10:07:48PM +1000, Craig Sanders wrote:
> > I.E., nothing.  Give me an example of one situation where this would
> > accomplish more than stalling an attacker for a few seconds.
> 
> i have no wish to waste my time. figure it out for yourself - it won't
> make any difference anyway, because you're determined not to see any POV
> other than your own.

So far the only POV you've expressed is that it's OK for Debian to be
pedantic just for the sake of being pedantic, without adding any value to our
users.

> > After hearing things like this it's not hard for me to understand why
> > a lot of people hate Debian Developers and think they're all assholes.
> 
> that would be right.  mediocre people tend to think that only arseholes
> bother to get things right.

It's not right though.  It's wrong.  And it needs to be fixed.

> there's enough distributions out there where mediocrity is good enough.
> feel free to use one of them if debian's pursuit of excellence disturbs
> you.

In case you missed it, here is what I am advocating --

a) removal of PARANOID and all dependence on hostname-based access control
b) installation time configuration of allowed subnets
c) encouragement of IP-based access rules

Please tell me how these qualify as "mediocre" and how they are worse than
the status quo (which provides NO access control).

This isn't rocket science.  Hostname-based security rules are less secure
than IP-based security rules.  Why does Debian continue to encourage their 
use, to the detriment of our users?

--Adam

-- 
Adam McKenna  <adam@debian.org>  <adam@flounder.net>


