From owner-freebsd-arch Sat Feb 17 6:16:31 2001
Date: Sat, 17 Feb 2001 09:14:07 -0500 (EST)
From: Robert Watson
To: Terry Lambert
Cc: Cy.Schubert@uumail.gov.bc.ca, Matt Dillon, Dag-Erling Smorgrav, Mark Murray, arch@FreeBSD.ORG
Subject: Re: List of things to move from main tree to ports (was Re:
In-Reply-To: <200102170031.RAA17052@usr05.primenet.com>

On Sat, 17 Feb 2001, Terry Lambert wrote:

> > > Security is always a tradeoff between usability and safety.
> >
> > I keep hearing this concept bandied about like it was pure truth, and
> > frankly, I don't think it is. Some aspects of the security problem
> > reduce usability, but others don't. It improves security to correctly
> > implement string handling in network daemons. But it also improves
> > correctness, consistency and stability, and those are important components
> > of having a usable system. So I think that the above statement is really
> > a common misconception. I'd dig up some dead Greeks, but it seems like a
> > lot of trouble simply to state:
> >
> > Security can cause reduced usability.
> > Security can cause increased usability.
>
> If your problem with these things is string handling, then fix the
> string handling; there's a lot of code we could dike out as being
> "insecure", but which we leave lying around.

Funny, I've been arguing much the same thing, in two forms:

1) Keep it in the tree but improve installation and build modularity,
   because integrated software is more likely to be a part of the system
   security design

2) Keep it in the tree but fix it, and require higher standards for
   developers adding new code so that the code doesn't get "bad" in the
   first place

So I think you might be arguing with the wrong person. :-)

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services