Date:      Thu, 25 Apr 2002 12:02:59 +0930
From:      Greg 'groggy' Lehey <grog@FreeBSD.org>
To:        "Jacques A. Vidrine" <nectar@FreeBSD.org>
Cc:        Robert Watson <rwatson@FreeBSD.org>, Jordan Hubbard <jkh@winston.freebsd.org>, Oscar Bonilla <obonilla@galileo.edu>, Anthony Schneider <aschneid@mail.slc.edu>, Mike Meyer <mwm-dated-1019955884.8b118e@mired.org>, hackers@FreeBSD.org
Subject:   Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
Message-ID:  <20020425120259.B79657@wantadilla.lemis.com>
In-Reply-To: <20020424122754.GC42969@madman.nectar.cc>
References:  <20020423131646.I6425@wantadilla.lemis.com> <Pine.NEB.3.96L.1020423110123.64976j-100000@fledge.watson.org> <20020424090655.O6425@wantadilla.lemis.com> <20020424122754.GC42969@madman.nectar.cc>

On Wednesday, 24 April 2002 at  7:27:55 -0500, Jacques A. Vidrine wrote:
> On Wed, Apr 24, 2002 at 09:06:55AM +0930, Greg 'groggy' Lehey wrote:
>> I think the issue here is that individuals make this kind of decision.
>> We need a broader consensus for this kind of change.  As Jochem points
>> out, only 3 people were involved in the decision, all of them people
>> with security profiles which weren't affected by this change.
>
> What, he should have gotten 30 reviewers?  I think what is happening
> here is exactly what should happen: it seems like a good idea to one
> guy; he implements it.  He shows it to a few more folks; they think it
> is a good idea, too.  It gets committed, and the majority of people
> either don't notice it or believe it is a good feature.
>
> But the majority doesn't rule.
>
> The feature sits in the tree and maybe people run into problems with
> it.  If so, it gets fine tuned or backed out.  I think this is what is
> supposed to happen.
>
> For my part, I would like to see the change backed out and rethought.
> I like having the X server not doing TCP by default, but this change
> loses because:
>
>    = It breaks existing configurations with no warning.
>    = The option is in the wrong place (startx) and there is apparently
>      no way to override the default.
>
> I think it would be better to just put `-nolisten tcp' in
> /usr/X11R6/lib/X11/xinit/xserverrc for new installations only.  Then
> the system administrator could easily override it for all users; and
> at least a user can override it for herself.

If he knew about it.  Look at my last message to Terry: we're talking
about a package we don't control here.  If somebody comes to FreeBSD
from another system and X doesn't work the way he expects, he'll blame
FreeBSD, not X.

> Disclosure: I'm unhappy that after upgrading my laptop yesterday, I
> found I couldn't run `x2x',

Because of this issue?

> and had to restart my X session to remedy the problem.

At least you knew what the problem was.

Greg
--
See complete headers for address and phone numbers
