Re: Disable ZeroConf: how to ?
-----BEGIN PGP SIGNED MESSAGE-----
Am Fr den 4. Mär 2011 um 12:24 schrieb Wouter Verhelst:
> On Fri, Mar 04, 2011 at 11:32:01AM +0100, Klaus Ethgen wrote:
> > A user that installs Debian on his system will do that due to the
> > reputation in security. If he want to have a simpler system he would
> > install, for example, Ubuntu, Mac or Windows.
> > I do not think that Debian should be good for every DAU (German
> > abbreviation, English would be luser or so). I think Debian should be a
> > distribution for experts and professionals (but not exclusive).
> You seem to believe that Debian's usefulness should be confined to a
> particular niche of users; a niche which conveniently includes you.
Well, I wouldn't tell it »niche« but in principle you are right.
> I disagree. While it certainly would make your particular use case
That is not the point. In fact, it makes many thinks harder.
> I think Debian should strive to be useful to as many users as
True, but ...
> Just because Ubuntu is a popular distribution for beginning Linux users
> should not have to mean that 'beginning Linux users' is no longer a
> target audience for Debian.
It is definitively not. That is the reason, why so many derived
distributions of debian exists (Knoppix, Ubuntu, Kubuntu, ...).
> If security matters a great deal to you, you should audit systems for
> unwanted services and disable them,
True. But that is not the point. That is always needed, independent if
your defaults are secure or not.
> rather than hope that whatever you have installed happens not to be a
> problem for your particular use case. Relying on defaults to be secure
> is relying on other people to do your security for you.
Hmmm... First you tell that debian should be for beginning users too and
then you tell that they couldn't relay on the security of the system!?
And this is exact the point. Just because it needs further steps to
install a secure system do not mean that the defaults could be insecure.
In ancient times debian was packaged the way that the administrator only
installed the daemons that he needed. Today many daemons gets installed
by dependencies and gets started without any need. Just the fact is
security relevant as any running daemon higher the change that there is
a security hole. Every daemon! And examples are found at many places
today. I. e. mysqld from kde packages, apache for a linkchecker, avahi
and consortions for gnome, ... Not to mention all the daemons that do
not listen on network as gconf, kded4, ...
I think, in the last few years, the quality of (some) debian packages
has sunken. But this is just my personal view, and I am sorry to say it.
> This is stupid, in all cases.
When you argue that debian should be for beginning users too, no. In the
other case just partly.
> That's not to say that our defaults should be insecure, but
> 'acceptable security' is a stretchable concept;
But has its borders too. And having unnecessary daemons run and listen
for network answers is definitively beyond that border.
> the security trade-offs that you are willing to live with may be
> stricter than mine, and vice versa.
I think so. (From the reading)
> If you're unfamiliar with computers, on the other hand, chances that
> you'll be able to figure out how to enable convenience services are
> slim, at best.
Look, I installed my mother a system with debian on it. And I activate
all that is needed to have her use the system. But I would never ever
gave her a debian cd and tell her to install the system herself. This
means that I have the responsibility to hold the system secure and up to
> Since home users typically use computers in a desktop environment, I
> therefore think it's perfectly okay to have the default desktop
> installation enable such convenience services.
No. Not with an distribution than debian but maybe with such than
ubuntu. Just open the eyes. Debian _is_ not for the very begining
(linux) user. Debian is (or was until now) a highly professional linux
distribution that fits the needs of secure and flexible environments,
where a big part is servers.
If you want to change debian to be ubuntu it would be the time to look
for another distribution that can be used on servers. (unfortunately I
do not know an alternative.)
Klaus Ethgen http://www.ethgen.ch/
pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----