From owner-freebsd-arch  Fri Feb 16 13:15:25 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id C6FEF37B503
	for <arch@FreeBSD.ORG>; Fri, 16 Feb 2001 13:15:20 -0800 (PST)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.1/8.11.1) with SMTP id f1GLDNh61731;
	Fri, 16 Feb 2001 16:13:23 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Date: Fri, 16 Feb 2001 16:13:23 -0500 (EST)
From: Robert Watson <rwatson@FreeBSD.ORG>
X-Sender: robert@fledge.watson.org
To: Terry Lambert <tlambert@primenet.com>
Cc: Cy.Schubert@uumail.gov.bc.ca,
	Matt Dillon <dillon@earth.backplane.com>,
	Dag-Erling Smorgrav <des@ofug.org>, Mark Murray <mark@grondar.za>,
	arch@FreeBSD.ORG
Subject: Re: List of things to move from main tree to ports (was Re:
In-Reply-To: <200102162040.NAA08079@usr05.primenet.com>
Message-ID: <Pine.NEB.3.96L.1010216161003.59690E-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On Fri, 16 Feb 2001, Terry Lambert wrote:

> Security is always a tradeoff between usability and safety. 

I keep hearing this concept bandied about like it was pure truth, and
frankly, I don't think it is.  Some of aspects of the security problem
reduce usability, but others don't.  It improves security to correctly
implement string handling in network daemons.  But it also improves
correctness, consistency and stability, and those are important components
of having a usable system.  So I think that the above statement is really
a common misconception.  I'd dig up some dead Greeks, but it seems like a
lot of trouble simply to state:

Security can cause reduced usability.
Security can cause increased usability.

The goal is to have enough of the former to satisfy your needs, and as
much of the latter as possible.  I.e., show me the last time the fact that
your BIND8 server had a remote root compromise improved usability.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message