On Mon, May 20, 2002 at 12:13:41PM -0700, Thomas Bushnell, BSG wrote: > "John H. Robinson, IV" <jhriv@ucsd.edu> writes: > > Debian (using a linux, bsd, or gnumach/l4 (micro)kernel) should be > > ``Secure by default.'' if this means that no firewalling -> no debian > > release, then so be it. > 1. Debian does not have firewalling by default, so if firewalling is > necessary for security, then it is not secure by default. It does: it has spoof protection enabled and forwarding disabled by default. In any event, default behaviour isn't the issue: it's whether or not you have any real control over your network interfaces. > 2. Firewalling is not actually an asset in network security; the > notion that it is is misguided and thoroughgoingly erroneous. That's the most bizarre statement I've seen for at least an hour. > 3. Picking some random kernel feature and saying "this must be there > or it can't be Debian" is not appropriate. *shrug* You can think that if it gives you a happy. Doesn't make it true, though. In reality we haven't done this before (ported Debian to something that isn't Linux) so we're working out what our requirements are as we go along. I'd probably be expressing concerns if, eg, we were porting our distribution to a kernel that didn't have support for some form of access control, whether it be "user" based, or something else. Some (security related) features are just fundamentally necessary to have if you're trying to produce a functional operating system in this day and age. Cheers, aj -- Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/> I don't speak for anyone save myself. GPG signed mail preferred. ``BAM! Science triumphs again!'' -- http://www.angryflower.com/vegeta.gif
Attachment:
pgp6znzITUAS9.pgp
Description: PGP signature