
Re: hurd does NOT need /hurd



Anthony Towns <aj@azure.humbug.org.au> writes:

> No, that's not the case. If I have faith in the reliability of the
> service in normal use, but none in its security, I ensure that it's only
> accessible by *people* I have faith in. I can do that with firewalling
> tools.

The general use of firewalling that I think has some sensibility is
when you have a network administrator who is administratively separate
from the people in the network, and in which the network administrator
trusts the people in his network not to be malicious, but he doesn't
trust them to be good security administrators.

In that case, he can block ports which are commonly used to violate
badly configured machines behind his network.  This doesn't help at
all against the person behind the firewall who just runs services on a
different port, or sets up firewalls, and the like; hence the
qualification that he must still trust them not to be malicious.

"Firewalling" on a single host is mostly a way to cheaply fix a bunch
of problems rather than fixing them one at a time.  It's not
inherently necessary if the other things don't already have gobs of
bugs.

In any case, none of this is anywhere near the most important
obstacles keeping the Hurd from Prime Time.  Way, way, way down on the
list.

> Because I'm not talking about defaults. Nor am I talking about things that
> everyone will be compelled to use. I'm talking about features that *must*
> be made available for me to be able to look someone in the eye and say
> "Yes, Debian GNU/Hurd 3.1 is ready for your use."

I think that depends on who the "you" is that you are talking to, and
it's misguided to think the answer must be the same for everyone.

Thomas

