From owner-freebsd-hackers Tue Apr 23 14:29:33 2002
Date: Tue, 23 Apr 2002 17:29:14 -0400
To: Robert Watson
From: Garance A Drosihn
Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
Cc: "Greg 'groggy' Lehey", hackers@FreeBSD.ORG

At 2:37 PM -0400 4/23/02, Robert Watson wrote:
>Here I'll disagree with you: we make a concerted effort to
>produce a system that is safe to use. This involves a number
>of things, and it doesn't just mean security fixes. I would
>argue that we have a moral obligation to do so.

I agree that there is this obligation. I also observe that the internet is unquestionably getting to be a more hostile place, and we have to adapt the system to stand up to that hostility.

Let me claim that it is fact that we will have to make changes to the default system configuration, and that we will also have to make changes to the "preferred" system configurations when someone is just upgrading. I recognize that some people disagree with that (particularly the second half), but let me claim that for the moment.

I think an important component of any such change is making sure the "right people" find out what changed, and that they get this information when they *need* it, and not as part of some 20,000 line "README" file which we know no one will read because it's too damn big.

In the case of the sshd change, the change was simply wrong and should be fixed. Just MO... :-)

In the case of the 'startx -listen_tcp' option, is there something we could set up so a person who *wanted* the former behavior is given quick notification of exactly why things "suddenly stopped working"? Note that the person who runs into the problem is not necessarily the same person who did the system upgrade.

I think it's doable, if we just took the attitude that it needed to be done. Some of these changes catch me off guard too, and most of the time it is not the change itself which bothers me, it's the six hours I spent trying to find out why something stopped working. (a six-hour period which may not start until a week or two after the system upgrade...) I think that's the part we need to improve on.

--
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu