Re: RC Security Flaw - mkdir & script create as 755, 644. SB &700, yes?
>>"tluxt" == <tluxt2@yahoo.com> writes:
tluxt> I think your comment is probably very true for a professional sysadmin.
tluxt> But, my concern is for the future of Debian. If Debian
tluxt> continues to have increasing relevance to the potential pool
tluxt> of FreeSW users, it will expand from its present base of users
tluxt> (who are, in general, rather knowledgeable about sysadmin type
tluxt> tasks) to users who are less knowledgeable.
If this expansion cannot be made without dumbing down Debian,
and making certain kinds of collaboration harder, I would much rather
not go for this ``increasing relevance''.
You are starting on the slippery slope of changing a winning
formula in order to achieve greater market dominance, and not
realizing you may well be destroying the brand name in the process.
Debian is known to be a rock solid OS, which is sane, easy to
maintain, and does not dumb itself down in order to be useful to less
knowledgeable users.
Preventing people from doing things that are dangerous often
also prevents them from doing things that are interesting.
This semi-rant is directed to the general tenor of your remarks.
tluxt> This expansion to less knowledgeable users is a _good thing_.
tluxt> It helps enable FreeSW to fulfill its potential as a benefit
tluxt> to society.
Perhaps.
tluxt> So, let's consider a possible typical case: Someone with
tluxt> enough knowledge to set up a Microsoft Windows computer to be
tluxt> used at his home by his family. Now, such person is, on
tluxt> average, not a professional sysadmin. His education and
tluxt> skills may have nothing to do with computers. But,
tluxt> ultimately, for FreeSW & Debian to fulfill their potentials,
tluxt> such a person ought to be able to set up a Debian system for
tluxt> his family to use.
No. There are distributions that are trying to specialize as a
niche for that kind of a user -- and they are far better left to the
task than Debian is.
You have to ask yourself what it is that motivates the general
developer. While by no means speaking for all developers, I say that
I personally spend the time that I do on Debian because I want to --
and I spend it doing things that are useful and interesting to
_me_. Letting a novice use Debian is interesting, perhaps, but not
really enough of a motivator -- that's not going to keep me up at 4am
hacking at Debian.
tluxt> Now, he probably won't know about umask. My point is:
Should he not learn?
tluxt> So, I think it wise that the packagers of the Debian system
tluxt> should keep in mind such a person, and have as a goal that the
tluxt> Debian system could, ultimately, be productively & easily used
tluxt> by such a person.
Why? How does that scratch my itch?
tluxt> Now, I don't think that, with the upcoming release, Debian
tluxt> will be a perfect fit with the user I have described. (That
tluxt> may take another one or more releases to achieve). But, I
tluxt> think that should be kept as a goal, and steps, such as I've
tluxt> suggested, should be taken _now_ in order to begin to
tluxt> transition to that mode of a system.
I disagree that should be a goal. The best free Linux
distribution, yes. The dumbest free Linux distribution, no.
We have a well known target audience. If we can expand the
user base without inconveniencing the target audience, fine. But
making group based collaboration harder (by sharing files belonging
to a common group that I and my fellow workers belong to) is not
that.
tluxt> As for this upcoming release, Woody, I think it might be good
tluxt> to try to have the security related default settings be
tluxt> appropriate for someone who is an average computer technician
tluxt> or hobbyist computer user. He is not a professional sysadmin,
tluxt> and does not have complete sysadmin knowledge, but has more
tluxt> computer knowledge than the average head of household.
I reject that hypothesis. Personally, I would much rather that
Debian continue to cater to people like me -- there are other
distributions that shall be a better fit for the average consumer.
Choice is one of the greatest things that free software
offers. Making Linux distributions clones of one another chasing the
largest market share does the community a disservice in the end.
manoj
--
Westheimer's Discovery: A couple of months in the laboratory can
frequently save a couple of hours in the library.
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C