From: "Andrew Reilly"
Date: Sat, 14 Oct 2000 19:51:52 +1100
To: Nik Clayton
Cc: Poul-Henning Kamp, arch@FreeBSD.ORG
Subject: Tools not policies, was: Re: cvs commit: src/etc inetd.conf

On Fri, Oct 13, 2000 at 05:14:52PM +0100, Nik Clayton wrote:
> On Tue, Oct 10, 2000 at 10:11:28PM +0200, Poul-Henning Kamp wrote:
> > FreeBSD: Tools, not policies.
>
> Everybody keeps repeating this like a mantra, but it's ignoring the fact
> that somewhere you have to have a default policy.

It's important to provide all of the tools: that's Unix.

It's important that each and every "out of the box" policy be
readily changed by users/administrators. That's why most such
policies exist as tweakable parameters or shell scripts.

It may well be desirable that there be large knobs, that provide
a range of "canned" policies.

The days when a widely-distributed OS consisted of tools only,
and no (default) policies, are long gone.
No-one has the time to tweak it all from scratch: it has to do
something sensible out of the box.

Think about it: no policies at all would be like shipping the
system with /etc completely bare. Everything that _is_ shipped
in /etc currently is default policy. All of /etc/periodic,
login.conf, and yes: inetd.conf.

Most of us are comfortable with the default policies, because
they reflect Unix tradition. Sometimes the traditional ways are
found wanting, and then it's often reasonable to change the
default policies. We did so with the rearrangement of periodic,
and the creation of /usr/local/etc/rc.d, and turning finger and a
bunch of built-in services off in inetd.conf.

I'm not suggesting that telnet (or anything else) should be
turned off by default. I am suggesting that "canned" policies
are more than useful: they're necessary. We should strive to
make them "right" for the widest possible audience. But we
shouldn't fool ourselves that by configuring things one way or
another we're not setting policy.

--
Andrew