[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files

On Thu, 2014-10-30 at 16:06 +0100, Wouter Verhelst wrote:
> On Thu, Oct 30, 2014 at 03:59:33PM +1000, Russell Stuart wrote:
> > Yes, fine.  But a truly security conscious distribution doesn't depend
> > on its users being truly security conscious.
> I would hope Debian never becomes a "truly security conscious"
> distribution by that definition. It implies the distribution thinks it
> knows better than its users what the right security trade-off is, and
> that way lies disaster.

You are reading way too much into it.  It's meant to express something

There is the spectrum ranging from: "The default install priorities
should be (...put your fetishes here - eye candy, small, have
everything, [not] run systemd...).  If the user wants security they can
customise it later".  To: "The default install should be as secure as
possible.  If the user wants to weaken that in favour of (...put your
fetishes here...), they can customise the system later".  IMO, on the
spectrum Debian must be heavily biased towards favouring security.

So it just expresses what I presume to be the consensus.  As such I
really should not have wasted your time by writing it, but there was an
element of conceit involved - I was taken with the turn of phrase.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: