[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: hurd does NOT need /hurd

On Wed, May 22, 2002 at 05:06:53PM +0200, Jeroen Dekkers wrote:
> The GNU system has the GNU philosophy, not the philosophy of a random
> sysadmin. And why do you think the GNU system doesn't give sysadmins
> the freedom to pursue his philosophy? He could download another TCP/IP
> stack somewhere else.

Telling us to download our own TCP stack isn't very interesting until
other TCP stacks exist.  (Telling a sysadmin to write their own TCP
stack would be even less interesting.)

> > Given that the Internet is a lot like a warzone these days, with 
> > unsecured systems being cracked within minutes of going online, I don't 
> > believe anyone should even consider shipping a general-purpose OS 
> > without IP filtering.
> You should solve the real problem: Making computers uncrackable.

Telling us to do the impossible is, like the above, not interesting.

What about selectively blocking ICMP at a router, to cut off an attack
before it hits a low-bandwidth link?  Immoral?

> > >The Hurd's design is so secure that it makes firewalls immoral IMHO.

The Hurd's design is irrelevant if it's to be used as a router; it's
not routing packets exclusively for other Hurd systems; in fact, it's
likely to be routing packets for systems completely out of the control
of whoever runs that router.

Also, IP filtering rules are just a small feature of a modern routing
stack.  Any routing system that allows NAT, intelligent forwarding,
packet logging, and so on would probably have to go to lengths to *avoid*
having a way to bitbucket packets.

And, all this aside, I hope you'll agree that it's a bad idea to make a
program prohibit doing something legitimately useful to many people
because it can be abused.

I agree, of course, that there are clearly other, far more pressing
things to be implemented than routing and filtering.  Not having time
is a valid reason to hold off on it.  Calling it "immoral" is not.

Glenn Maynard

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: