Date: Fri, 14 Jul 2000 12:20:29 -0500
From: "Jeffrey J. Mountin" <jeff-ml@mountin.net>
To: Marc Rassbach <marc@milestonerdl.com>, Paul Robinson <wigstah@akitanet.co.uk>
Cc: security@FreeBSD.ORG
Subject: Re: Displacement of Blame[tm]
Message-ID: <4.3.2.20000714120547.00b2f730@207.227.119.2>
In-Reply-To: <Pine.BSF.4.21.0007140851370.31439-100000@tandem.milestonerdl.com>
References: <00071411574600.46406@foo.akitanet.co.uk>
At 10:53 AM 7/14/00 -0500, Marc Rassbach wrote:
>On Fri, 14 Jul 2000, Paul Robinson wrote:
>
> > <rant>
> > Anybody who just does cd /usr/ports/<area>/<package> and then types 'make;
> > make install' deserves to be r00ted in 5 minutes anyway.
>
>This is a rather poor attitude. The less sites the script kiddies have
>to launch their attacks from, the harder it will be for the kids to
>hide. It is in ALL of our interests to have hosts secure.

And networks as part of a "good neighbor" policy.

>And doesn't
>comment well on how you think
>the ports of FreeBSD is done. Ports and the job done there is part of
>what makes FreeBSD as nice as it is.

Convenient they are. On the negative side, they tend to make one a bit lazy.

>ANY system 'set up and forgotten' is subject to attack and eventually will
>fail. The white hats only have to screw up once. The black hats get to
>try over and over again.
>
>But to blame ports for making FreeBSD 'less secure', it sounds like you
>should then be looking at OpenBSD. A nice minimalist system, lacking the
>richness of FreeBSD.

The ultimate security is a good memory. Rather than blame ports one should evaluate the risks.

> > What I would propose is this - why don't we have 2 lists - one for
> > freebsd-security where genuine issues with security in the core FreeBSD
> > distro are discussed, and another (freebsd-ports-security for example) where
> > announcements on ports shipped with FreeBSD are announced.
>
>Nothing stopping you, Brett or someone else making a second list.
>
>This whole idea came up a few months ago, and the same suggestion
>was made for a different list to serve this need.

And it came up on -stable a few days back. Again because of too many messages that didn't seem to suit the person's needs and/or perception of the list.

>If you feel the present list doesn't do the job, start your own version
>that you feel *DOES* do the job. And, if it *IS* a better list
>(better==more popular) one of two things will happen:
>1) you will get the job of managing the security list.
>2) your ideas will be taken, and used to manage the security list.
>
>Taking the action of creating a new list controlled by the people who want
>change, done on their servers, done their way, would address the
>concerns the people who want change have.
>And, like the history of UNIX itself, if the new list has the better idea,
>it will float to the top.

Out of the lists I read regularly and infrequently -security is low traffic, high content, and low noise. Generally.

Starting a new list due to a surge of OT postings could result in a proliferation of lists and those wishing to catch messages of value would need to track even more lists.

No thanks.

Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message