
Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files



On Thu, 2014-10-30 at 16:06 +0100, Wouter Verhelst wrote:
> On Thu, Oct 30, 2014 at 03:59:33PM +1000, Russell Stuart wrote:
> > Yes, fine.  But a truly security conscious distribution doesn't depend
> > on its users being truly security conscious.
> 
> I would hope Debian never becomes a "truly security conscious"
> distribution by that definition. It implies the distribution thinks it
> knows better than its users what the right security trade-off is, and
> that way lies disaster.

You are reading way too much into it.  It's meant to express something
uncontroversial.

There is the spectrum ranging from: "The default install priorities
should be (...put your fetishes here - eye candy, small, have
everything, [not] run systemd...).  If the user wants security they can
customise it later".  To: "The default install should be as secure as
possible.  If the user wants to weaken that in favour of (...put your
fetishes here...), they can customise the system later".  IMO, on the
spectrum Debian must be heavily biased towards favouring security.

So it just expresses what I presume to be the consensus.  As such I
really should not have wasted your time by writing it, but there was an
element of conceit involved - I was taken with the turn of phrase.

Attachment: signature.asc
Description: This is a digitally signed message part

