From owner-freebsd-security  Sun Jul  7 18:30:34 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5986137B400
	for <security@FreeBSD.org>; Sun,  7 Jul 2002 18:30:32 -0700 (PDT)
Received: from 12-234-90-219.client.attbi.com (12-234-90-219.client.attbi.com [12.234.90.219])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D29B143E4A
	for <security@FreeBSD.org>; Sun,  7 Jul 2002 18:30:31 -0700 (PDT)
	(envelope-from DougB@FreeBSD.org)
Received: from Master.gorean.org (master.gorean.org [10.0.0.2])
	by 12-234-90-219.client.attbi.com (8.12.3/8.12.3) with ESMTP id g681UIBw089663;
	Sun, 7 Jul 2002 18:30:24 -0700 (PDT)
	(envelope-from DougB@FreeBSD.org)
Received: from localhost (doug@localhost)
	by Master.gorean.org (8.12.5/8.12.5/Submit) with ESMTP id g681KT0u001864;
	Sun, 7 Jul 2002 18:20:30 -0700 (PDT)
X-Authentication-Warning: Master.gorean.org: doug owned process doing -bs
Date: Sun, 7 Jul 2002 18:20:29 -0700 (PDT)
From: Doug Barton <DougB@FreeBSD.org>
To: "F. Even" <freebsdlists@elitists.org>
Cc: security@FreeBSD.org
Subject: Re: Default ssh protocol in -STABLE [was:
In-Reply-To: <B94E4FB7.1055E%freebsdlists@elitists.org>
Message-ID: <20020707181827.P679-100000@master.gorean.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Sun, 7 Jul 2002, F. Even wrote:

> Really?  I seem to have noticed the introduction of a "periodic.conf"
> between 4.0 and 4.4.  While it was pleasant to see it, it was still a
> change.

A) I'm still categorically opposed to /etc/defaults/anything... I think
it's way too dangerous a toy to play with.

B) They actually did things fairly well with the periodic thing, in that
the default configuration did *exactly* what the old, non-configurable
scripts did.

In short, you're confusing "method of instituting policy" with "policy."
It's sometimes ok to change one, it's never ok to change the other.


> If I'm understanding right, this change is not going to be introduced into
> "RELENG_4_ver,"

You are not understanding right.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message