[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files

On Thu, Oct 30, 2014 at 03:59:33PM +1000, Russell Stuart wrote:
> On Thu, 2014-10-30 at 01:40 -0400, Michael Gilbert wrote:
> > Anyway, it is entirely understandable that reading can be hard, but at
> > a minimum the truly security-conscious need to be to do so.
> Yes, fine.  But a truly security conscious distribution doesn't depend
> on its users being truly security conscious.

I would hope Debian never becomes a "truly security conscious"
distribution by that definition. It implies the distribution thinks it
knows better than its users what the right security trade-off is, and
that way lies disaster.

Empower our users to make their system more secure? Sure. Enable
security options by default? Yes please. Annoy them by assuming they
never need the insecure option and making it hard or impossible to do
them? Hell no.

I'm not saying that the latter is what you meant, but it does seem to go

It is easy to love a country that is famous for chocolate and beer

  -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26

Reply to: