On Sun, Jul 03, 2005 at 11:25:21AM -0500, Adam Fabian wrote: > The short version is that you must trust the root user, period That's nice as a general guideline, but most of the time you have no reason to trust *or* distrust the root user. Most people's sysadmins are through big corporations like Pair or Earthlink or whatever. Users have no reason to trust those companies, except perhaps if the companies have included some data-protection constraints in their warrantees. Assuming that these people should be trusted is no better than assuming that a company like Verisign should be trusted; in both cases you're assuming that trust follows axiomatically from authority. In some cases that makes sense (I trust the New York Times more than I trust Indymedia, say, because more people are watching when the NYT makes a mistake), but not usually. That's why I'm a fan of the PGP web of trust. Anyway, the point is that you really *shouldn't* trust the root user if you don't have to. And if you can encrypt your filesystem, you should. -- Stephen R. Laniel steve@laniels.org +(617) 308-5571 http://laniels.org/ PGP key: http://laniels.org/slaniel.key
Attachment:
signature.asc
Description: Digital signature