Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
On Thu, Apr 19, 2001 at 08:52:55AM -0700, Adam McKenna wrote:
> On Thu, Apr 19, 2001 at 10:07:48PM +1000, Craig Sanders wrote:
> > > I.E., nothing. Give me an example of one situation where this would
> > > accomplish more than stalling an attacker for a few seconds.
> > i have no wish to waste my time. figure it out for yourself - it won't
> > make any difference anyway, because you're determined not to see any POV
> > other than your own.
> So far the only POV you've expressed is that it's OK for Debian to be
> pedantic just for the sake of being pedantic, without adding any value to our
> > > After hearing things like this it's not hard for me to understand why
> > > a lot of people hate Debian Developers and think they're all assholes.
> > that would be right. mediocre people tend to think that only arseholes
> > bother to get things right.
> It's not right though. It's wrong. And it needs to be fixed.
> > there's enough distributions out there where mediocrity is good enough.
> > feel free to use one of them if debian's pursuit of excellence disturbs
> > you.
> In case you missed it, here is what I am advocating --
> a) removal of PARANOID and all dependence on hostname-based access control
> b) installation time configuration of allowed subnets
> c) encouragement of IP-based access rules
Adam, you are getting really close to something I can agree with you on.
on a) - ok, providing it's replaced with something better
on b) & c) - ONLY on the custom or expert installs. There needs to be a
"secure by default" option that users who don't know crap about IP addresses
can use. IP addressing knowledge CANNOT be a requirement for a user to
be comfortable with Debian.
> Please tell me how these qualify as "mediocre" and how they are worse than
> the status quo (which provides NO access control).
They are close, but they can only apply to the expert installs.
> This isn't rocket science. Hostname-based security rules are less secure
> than IP-based security rules. Why does Debian continue to encourage their
> use, to the detriment of our users?
Because Debian doesn't have a good install allowing for a range of user
experience levels. This is an install-time simple vs. expert issue, not
a mandatory system default issue.
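
Added example, not part of the original message and not tcp_wrappers code: a simplified model of the name-versus-address check that PARANOID matches on, next to a hostname-based rule and an IP-based rule, to show which decisions depend on DNS data. The DNS tables, addresses, function names and the handling of a missing reverse record are assumptions made for illustration.

```python
import ipaddress

# Constructed DNS data (documentation address ranges) standing in for a resolver.
PTR = {"192.0.2.10": "trusted.example.org",    # genuine host
       "203.0.113.7": "trusted.example.org"}   # reverse zone run by someone else
A = {"trusted.example.org": ["192.0.2.10"]}     # forward zone of example.org

def classify(ip, ptr, a):
    """Return (name, status) with status 'known', 'unknown' or 'paranoid'."""
    name = ptr.get(ip)
    if name is None:
        return None, "unknown"            # no reverse record (modelling assumption)
    if ip in a.get(name, []):
        return name, "known"              # name maps back to the address
    return name, "paranoid"               # name does not match its address

def hostname_rule_allows(ip, suffix, ptr, a):
    """Hostname-based rule such as '.example.org' applied to verified names."""
    name, status = classify(ip, ptr, a)
    return status == "known" and name.endswith(suffix)

def ip_rule_allows(ip, subnets):
    """IP-based rule: the decision uses the peer address only, no DNS."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in subnets)

def decisions(ip, a):
    """Outcome of all three checks for one client and one set of forward data."""
    return {"paranoid": classify(ip, PTR, a)[1] == "paranoid",
            "hostname_rule": hostname_rule_allows(ip, ".example.org", PTR, a),
            "ip_rule": ip_rule_allows(ip, ["192.0.2.0/24"])}

# Same client, but the resolver now returns forward data that cannot be trusted.
A_UNTRUSTED = {"trusted.example.org": ["192.0.2.10", "203.0.113.7"]}

if __name__ == "__main__":
    for label, a in (("clean DNS", A), ("untrusted DNS", A_UNTRUSTED)):
        for ip in ("192.0.2.10", "203.0.113.7"):
            print(label, ip, decisions(ip, a))
```

With clean DNS the mismatch is caught, but the hostname rule's answer changes as soon as the forward data does, while the IP rule's answer stays the same.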