[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: jessie release goals

On 2013-05-07 00:52:03 +0800, Thomas Goirand wrote:
> On 05/06/2013 10:08 PM, Christoph Anton Mitterer wrote:
> > The usually come only with a default config which may not be hardened
> > enough for the local system, and that short time may already be enough
> > for an attacker to attack.
> If the default config isn't hardened enough, fix the default config.

This can be fine for some daemons/servers. For instance, for a web
server, displaying a default web page is harmless. But what about a
mail server? Any default config would probably lead to loss of mail
if things like virtual alias domains are used.

Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to: