On Mon, May 20, 2002 at 12:13:41PM -0700, Thomas Bushnell, BSG wrote:
> "John H. Robinson, IV" <jhriv@ucsd.edu> writes:
> > Debian (using a linux, bsd, or gnumach/l4 (micro)kernel) should be
> > ``Secure by default.'' if this means that no firewalling -> no debian
> > release, then so be it.
> 1. Debian does not have firewalling by default, so if firewalling is
> necessary for security, then it is not secure by default.
It does: it has spoof protection enabled and forwarding disabled by
default. In any event, default behaviour isn't the issue: it's whether
or not you have any real control over your network interfaces.
> 2. Firewalling is not actually an asset in network security; the
> notion that it is is misguided and thoroughgoingly erroneous.
That's the most bizarre statement I've seen for at least an hour.
> 3. Picking some random kernel feature and saying "this must be there
> or it can't be Debian" is not appropriate.
*shrug* You can think that if it gives you a happy. Doesn't make it
true, though.
In reality we haven't done this before (ported Debian to something
that isn't Linux) so we're working out what our requirements are as we
go along.
I'd probably be expressing concerns if, eg, we were porting our
distribution to a kernel that didn't have support for some form of access
control, whether it be "user" based, or something else. Some (security
related) features are just fundamentally necessary to have if you're
trying to produce a functional operating system in this day and age.
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
``BAM! Science triumphs again!''
-- http://www.angryflower.com/vegeta.gif
Attachment:
pgp6znzITUAS9.pgp
Description: PGP signature