Date:      Sat, 14 Oct 2000 19:51:52 +1100
From:      "Andrew Reilly" <areilly@bigpond.net.au>
To:        Nik Clayton <nik@FreeBSD.ORG>
Cc:        Poul-Henning Kamp <phk@critter.freebsd.dk>, arch@FreeBSD.ORG
Subject:   Tools not policies, was: Re: cvs commit: src/etc inetd.conf
Message-ID:  <20001014195151.A92603@gurney.reilly.home>
In-Reply-To: <20001013171451.A21236@canyon.nothing-going-on.org>; from nik@FreeBSD.ORG on Fri, Oct 13, 2000 at 05:14:52PM +0100
References:  <20001010124352.A54458@dragon.nuxi.com> <73714.971208688@critter> <20001013171451.A21236@canyon.nothing-going-on.org>

On Fri, Oct 13, 2000 at 05:14:52PM +0100, Nik Clayton wrote:
> On Tue, Oct 10, 2000 at 10:11:28PM +0200, Poul-Henning Kamp wrote:
> > FreeBSD: Tools, not policies.
> 
> Everybody keeps repeating this like a mantra, but it's ignoring the fact
> that somewhere you have to have a default policy.

It's important to provide all of the tools: that's Unix.  It's
important that each and every "out of the box" policy be readily
changed by users/administrators.  That's why most such policies
exist as tweakable parameters or shell scripts.  It may well be
desirable that there be large knobs, that provide a range of
"canned" policies.

The days when a widely-distributed OS consisted of tools only,
and no (default) policies, are long gone.  No-one has the time
to tweak it all from scratch: it has to do something sensible
out of the box.  Think about it: no policies at all would be
like shipping the system with /etc completely bare.  Everything
that _is_ shipped in /etc currently is default policy.  All of
/etc/periodic, login.conf, and yes: inetd.conf.

Most of us are comfortable with the default policies, because
they reflect Unix tradition.  Sometimes the traditional ways
are found wanting, and then it's often reasonable to change the
default policies.  We did so with the rearrangement of periodic,
and the creation of /usr/local/etc/rc.d, and turning finger and
a bunch of built-in services off in inetd.conf.

I'm not suggesting that telnet (or anything else) should be
turned off by default.

I am suggesting that "canned" policies are more than useful:
they're necessary.  We should strive to make them "right" for
the widest possible audience.  But we shouldn't fool ourselves
that by configuring things one way or another that we're not
setting policy.

-- 
Andrew

