Re: hurd does NOT need /hurd
On Wed, May 22, 2002 at 05:06:53PM +0200, Jeroen Dekkers wrote:
> The GNU system has the GNU philosophy, not the philosophy of a random
> sysadmin. And why do you think the GNU system doesn't give sysadmins
> the freedom to pursue his philosophy? He could download another TCP/IP
> stack somewhere else.
Telling us to download our own TCP stack isn't very interesting until
other TCP stacks exist. (Telling a sysadmin to write their own TCP
stack would be even less interesting.)
> > Given that the Internet is a lot like a warzone these days, with
> > unsecured systems being cracked within minutes of going online, I don't
> > believe anyone should even consider shipping a general-purpose OS
> > without IP filtering.
>
> You should solve the real problem: Making computers uncrackable.
Telling us to do the impossible is, like the above, not interesting.
What about selectively blocking ICMP at a router, to cut off an attack
before it hits a low-bandwidth link? Immoral?
> > >The Hurd's design is so secure that it makes firewalls immoral IMHO.
The Hurd's design is irrelevant if it's to be used as a router; it's
not routing packets exclusively for other Hurd systems; in fact, it's
likely to be routing packets for systems completely out of the control
of whoever runs that router.
Also, IP filtering rules are just a small feature of a modern routing
stack. Any routing system that allows NAT, intelligent forwarding,
packet logging, and so on would probably have to go to lengths to *avoid*
having a way to bitbucket packets.
And, all this aside, I hope you'll agree that it's a bad idea to make a
program prohibit doing something legitimately useful to many people
because it can be abused.
I agree, of course, that there are clearly other, far more pressing
things to be implemented than routing and filtering. Not having time
is a valid reason to hold off on it. Calling it "immoral" is not.
--
Glenn Maynard
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: