Date: Fri, 14 Jul 2000 18:35:33 -0600 From: Colin Faber <cfaber@fpsn.net> Cc: security@FreeBSD.ORG Subject: ENOUGH Re: Displacement of Blame[tm] Message-ID: <396FB1D5.33A36340@fpsn.net> References: <00071411574600.46406@foo.akitanet.co.uk> <4.3.2.20000714120547.00b2f730@207.227.119.2>
next in thread | previous in thread | raw e-mail | index | archive | help
COULD YOU PLEASE CLOSE THIS DAMN TOPIC Im tried of hearing you all bicker "Jeffrey J. Mountin" wrote: > > At 10:53 AM 7/14/00 -0500, Marc Rassbach wrote: > > >On Fri, 14 Jul 2000, Paul Robinson wrote: > > > > > <rant> > > > Anybody who just does cd /usr/ports/<area>/<package> and then types 'make; > > > make install' deserves to be r00ted in 5 minutes anyway. > > > >This is a rather poor attitude. The less sites the script kiddies have > >to launch thier attacks from, the harder it will be for the kids to > >hide. It is in ALL of our interests to have hosts secure. > > And networks as part of a "good neighbor" policy. > > >And doesn't > >comment well on how you think > >the ports of FreeBSD is done. Ports and the job done there is part of > >what makes FreeBSD as nice as it is. > > Convenient they are. On the negative side, they tend to make one a bit lazy. > > >ANY system 'set up and forgotten' is subject to attack and eventually will > >fail. The white hats only have to screw up once. The black hats get to > >try over and over again. > > > >But to blame ports for making FreeBSD 'less secure', it sounds like you > >should then be looking at OpenBSD. A nice minimalist system, lacking the > >richness of FreeBSD. > > The ultimate security is a good memory. Rather than blame ports one should > evalute the risks. > > > > What I would propose is this - why don't we have 2 lists - one for > > > freebsd-security where genuine issues with security in the core FreeBSD > > > distro are discussed, and another (freebsd-ports-security for example) > > where > > > announcments on ports shipped with FreeBSD are announced. > > > >Nothing stopping you, Brett or someone else making a second list. > > > >This whole idea came up a few months ago, and the same suggestion > >was made for a different list to serve this need. > > And it came up on -stable a few days back. Again because of too many > messages that didn't seem to suit the person's needs and/or perception of > the list. > > >If you feel the present list doesn't do the job, start your own version > >that you feel *DOES* do the job. And, if it *IS* is a better list > >(better==more popular) one of two things will happen: > >1) you will get the job of managing the security list. > >2) your ideas will be taken, and used to manage the security list. > > > >Taking the action of creating a new list controlled by the people who want > >change, doen on their serveres, done there way, would address the > >concerns the people who want change have. > >And, like the history of UNIX itself, if the new list has the better idea, > >it will float to the top. > > Out of the lists I read regularly and infrequently -security is low > traffic, high content, and low noise. Generally. > > Starting a new list due to a surge of OT postings could result in a > proliferation of lists and those wishing to catch messages of value would > need to track even more lists. > > No thanks. > > Jeff Mountin - jeff@mountin.net > Systems/Network Administrator > FreeBSD - the power to serve > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?396FB1D5.33A36340>