On Thu, 2014-10-30 at 16:06 +0100, Wouter Verhelst wrote: > I would hope Debian never becomes a "truly security conscious" > distribution by that definition. > It implies the distribution thinks it > knows better than its users what the right security trade-off is, and > that way lies disaster. Isn't that the very what we actually do right now?! We think we know better which validity time is appropriate to the attack model of users. We think we know better whether and how users should educate themselves above upgrades. We think we know better which algos are still appropriate for the user or not. AFAIU the term "truly security conscious" it's: - assuming the worst (attack) - default to be secure - in case of uncertainty, security critical warnings or error, or in case of unexpected things: try to educate the user what's likely to be going on and leave the choice up to him (e.g. disable SSL3 per default, tell the user why, but allow him to override - try to deploy security to the masses in a way they can still deal with it, and not just to the few paranoid people that really dig into it. > Annoy them by assuming they > never need the insecure option and making it hard or impossible to do > them? Hell no. Absolutely agree. Cheers, Chris.
Description: S/MIME cryptographic signature