
Re: hurd does NOT need /hurd



On Wed, May 22, 2002 at 05:33:50PM +1000, Anthony Towns wrote:
> On Tue, May 21, 2002 at 03:43:50PM -0700, Thomas Bushnell, BSG wrote:
> > Anthony Towns <aj@azure.humbug.org.au> writes:
> > > Firewalling tools are provided with the Debian system.
> > > Firewalling tools are not available for Debian GNU/Hurd.
> > > Debian GNU/Hurd will not be released until they are available.
> > I think that it is foolish to insist on this.  Router firewalling
> > tools, for example, are not necessary unless the Hurd has router
> > forwarding capacity
> 
> Then provide host firewalling tools. I'm sure the Hurd can act as a host.

I don't see any reason for this. We can have a secure system without
firewalling tools.
 
> > --which it does not, and is such a low priority we might never have it.
> 
> Then you might never release. *shrug*

Why do you think that the Hurd depends on Debian?
 
> > Similarly, we might have a totally different way of getting whatever
> > security benefits accrue to host-based firewalling.  I have no idea!
> 
> If you have a totally different way of getting those security benefits,
> then that counts as "firewalling tools" and this is a null issue. Since
> you've got no idea, I suspect you don't have such a way though.

We have.
 
> Note that, following Linux's precedent, there's no need to have your first
> implementation be elegant. You can rip it out entirely when you think of
> a better way to do it, and have all the userspace tools break, and just
> provide a kludgy script to replace it, and people won't particularly mind.

No, at least my philosophy is "you do something the right way or you
don't do it at all". But we already have ripped the Linux TCP/IP stack
because we didn't have the time to develop our own stack so it might be
possible to use the firewall things already in it. But that doesn't mean
that when somebody develops a new TCP/IP stack firewalling will be a
high priority. I actually don't really want to see things such as packet
filtering implemented in this new stack but it doesn't make sense to
start a discussion about a new stack before anybody volunteers to
write it.

Jeroen Dekkers
-- 
Jabber ID: jdekkers@jabber.org  IRC ID: jeroen@openprojects
GNU supporter - http://www.gnu.org
