
Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files



On Thu, Oct 30, 2014 at 03:59:33PM +1000, Russell Stuart wrote:
> On Thu, 2014-10-30 at 01:40 -0400, Michael Gilbert wrote:
> > Anyway, it is entirely understandable that reading can be hard, but at
> > a minimum the truly security-conscious need to be able to do so.
> 
> Yes, fine.  But a truly security conscious distribution doesn't depend
> on its users being truly security conscious.

I would hope Debian never becomes a "truly security conscious"
distribution by that definition. It implies the distribution thinks it
knows better than its users what the right security trade-off is, and
that way lies disaster.

Empower our users to make their system more secure? Sure. Enable
security options by default? Yes please. Annoy them by assuming they
never need the insecure option and making it hard or impossible to do
them? Hell no.

I'm not saying that the latter is what you meant, but it does seem to go
there.

-- 
It is easy to love a country that is famous for chocolate and beer

  -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26

