
Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files



On Thu, 2014-10-30 at 16:06 +0100, Wouter Verhelst wrote: 
> I would hope Debian never becomes a "truly security conscious"
> distribution by that definition.

> It implies the distribution thinks it
> knows better than its users what the right security trade-off is, and
> that way lies disaster.
Isn't that the very thing we actually do right now?!

We think we know better which validity time is appropriate to the attack
model of users.
We think we know better whether and how users should educate themselves
about upgrades.
We think we know better which algos are still appropriate for the user
or not.

AFAIU the term "truly security conscious", it's:
- assuming the worst (attack)
- default to be secure
- in case of uncertainty, security critical warnings or errors, or in
case of unexpected things: try to educate the user what's likely to be
going on and leave the choice up to him (e.g. disable SSL3 per default,
tell the user why, but allow him to override)
- try to deploy security to the masses in a way they can still deal with
it, and not just to the few paranoid people that really dig into it.


> Annoy them by assuming they
> never need the insecure option and making it hard or impossible to do
> them? Hell no.
Absolutely agree.


Cheers,
Chris.
