Date: Tue, 23 Apr 2002 11:28:44 -0700
From: Terry Lambert <tlambert2@mindspring.com>
To: Jochem Kossen <j.kossen@home.nl>
Cc: frank@exit.com, Greg 'groggy' Lehey <grog@FreeBSD.ORG>, hackers@FreeBSD.ORG
Subject: Re: Security through obscurity? (and /etc/defaults/rc.conf changes)
Message-ID: <3CC5A7DC.FD06DC11@mindspring.com>
References: <200204231454.g3NEsxFR019646@realtime.exit.com> <200204231839.44923.j.kossen@home.nl>

Jochem Kossen wrote:
> On Tuesday 23 April 2002 16:54, Frank Mayhar wrote:
> > Jochem Kossen wrote:
> > > Because things evolve? :)
> >
> > You say "evolve." I say "get broken."
>
> Don't tell me that in 11 years, defaults never change

When the routing code was changed, back in the mid 1990's, X.25 and
ISODE were both broken, for lack of maintenance: the changes were
not made globally. X.25 and ISODE were then removed "due to bit rot".

The entire idea of "bit rot" is really "the code did not keep ``up to
date'' with my changes, which broke the code", which is really a
ridiculous position.

It really pissed me off when the AHA-1742 support dropped out when
CAM came in, but that, at least, was understandable, since it was a
trade: something desirable for something less desirable to the
majority of users.

You really *can not* blame breaking "something that used to work but
which no longer works" on "evolution".

> > It's not obvious when one has been starting X with the same command
> > for years and it has never before changed. Gee, seems to seriously
> > violate POLA, eh?
>
> I agree, but i still wonder why people didn't come up with it sooner

Mostly, because most people don't run -current, and because the X11
distribution is not nearly as modular as it should be, if this type
of change is to be generally permitted.

> > Just don't do it in the first place. If you must have this, make a
> > _new_ command ("secure-startx," perhaps) and point to it in the
> > release notes.
>
> This is a very good idea IMHO, although without the patch 'startx
> -nolisten_tcp' works too...Then i'd say rip the patch out completely

That handles this particular case, but dodges the general policy
issue ...which I guess is the point: "Never put off until tomorrow
what you can put off indefinitely" ;^).

> It is useless to _me_ because i don't use it. Like i said in a previous
> mail, I didn't like the default, so I sent in the patch as a proposal
> to the ports@ mailinglist, and they all seemed to like it too. Nobody
> complained, thus the patch was integrated. Simple.

Not the most likely place for X11 people to see the issue and become
involved in a discussion: X11 is unfortunately not a proper port in
the common case, but is rather a set of distfiles: a tar archive
split into chunks, and managed by "sysinstall".

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message