From owner-freebsd-hackers Wed Apr 24 19:34:29 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from wantadilla.lemis.com (wantadilla.lemis.com [192.109.197.80]) by hub.freebsd.org (Postfix) with ESMTP id 4713137B41B; Wed, 24 Apr 2002 19:34:24 -0700 (PDT)
Received: by wantadilla.lemis.com (Postfix, from userid 1004) id DB38F8143D; Thu, 25 Apr 2002 12:02:59 +0930 (CST)
Date: Thu, 25 Apr 2002 12:02:59 +0930
From: Greg 'groggy' Lehey
To: "Jacques A. Vidrine"
Cc: Robert Watson, Jordan Hubbard, Oscar Bonilla, Anthony Schneider, Mike Meyer, hackers@FreeBSD.org
Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
Message-ID: <20020425120259.B79657@wantadilla.lemis.com>
References: <20020423131646.I6425@wantadilla.lemis.com> <20020424090655.O6425@wantadilla.lemis.com> <20020424122754.GC42969@madman.nectar.cc>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020424122754.GC42969@madman.nectar.cc>
User-Agent: Mutt/1.3.23i
Organization: The FreeBSD Project
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-418-838-708
WWW-Home-Page: http://www.FreeBSD.org/
X-PGP-Fingerprint: 9A1B 8202 BCCE B846 F92F 09AC 22E6 F290 507A 4223
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wednesday, 24 April 2002 at 7:27:55 -0500, Jacques A. Vidrine wrote:
> On Wed, Apr 24, 2002 at 09:06:55AM +0930, Greg 'groggy' Lehey wrote:
>> I think the issue here is that individuals make this kind of decision.
>> We need a broader consensus for this kind of change. As Jochem points
>> out, only 3 people were involved in the decision, all of them people
>> with security profiles which weren't affected by this change.
>
> What, he should have gotten 30 reviewers? I think what is happening
> here is exactly what should happen: it seems like a good idea to one
> guy; he implements it. He shows it to a few more folks; they think it
> is a good idea, too. It gets committed, and the majority of people
> either don't notice it or believe it is a good feature.
>
> But the majority doesn't rule.
>
> The feature sits in the tree and maybe people run into problems with
> it. If so, it gets fine-tuned or backed out. I think this is what is
> supposed to happen.
>
> For my part, I would like to see the change backed out and rethought.
> I like having the X server not doing TCP by default, but this change
> loses because:
>
> = It breaks existing configurations with no warning.
> = The option is in the wrong place (startx) and there is apparently
>   no way to override the default.
>
> I think it would be better to just put `-nolisten tcp' in
> /usr/X11R6/lib/X11/xinit/xserverrc for new installations only. Then
> the system administrator could easily override it for all users; and
> at least a user can override it for herself.

If he knew about it. Look at my last message to Terry: we're talking
about a package we don't control here. If somebody comes to FreeBSD
from another system and X doesn't work the way he expects, he'll blame
FreeBSD, not X.

> Disclosure: I'm unhappy that after upgrading my laptop yesterday, I
> found I couldn't run `x2x',

Because of this issue?

> and had to restart my X session to remedy the problem.

At least you knew what the problem was.

Greg
--
See complete headers for address and phone numbers
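The thread above turns on whether the X server is accepting TCP connections at all, which is exactly what a user hit by the startx change (or an administrator deciding where to put `-nolisten tcp`) wants to verify on a running machine. The script below is an added example, not code from the thread or from the FreeBSD or XFree86 projects. It parses the LOCAL ADDRESS column of `sockstat -4l` output (the FreeBSD tool for listing listening sockets) and reports any socket bound to an X display port, using the X convention that display :N listens on TCP port 6000+N (the 6000-6063 range is the one listed in /etc/services). The two input samples are constructed to look like sockstat output so the script runs offline; on a real host, pass it `"$(sockstat -4l)"` instead.

```shell
#!/bin/sh
# Added example: report whether an X server is accepting TCP connections,
# judged from `sockstat -4l`-style output. Not part of the mailing-list
# thread; the sockstat lines below are constructed samples.

# Constructed sample: an X server (display :0) listening on tcp4 port 6000.
SAMPLE_LISTENING='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     XFree86    512    3 tcp4   *:6000                *:*
root     sshd       301    4 tcp4   *:22                  *:*'

# Constructed sample: no X display port bound (server started -nolisten tcp).
SAMPLE_LOCAL_ONLY='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       301    4 tcp4   *:22                  *:*'

# x_tcp_listeners SOCKSTAT_OUTPUT
#   Prints one line per TCP socket bound to an X display port (6000-6063),
#   formatted as "command pid :display". Prints nothing when none is found.
x_tcp_listeners() {
    printf '%s\n' "$1" | awk '
        NR > 1 && $5 ~ /^tcp/ {
            n = split($6, a, ":")      # LOCAL ADDRESS is "addr:port"
            port = a[n] + 0            # force numeric comparison
            if (port >= 6000 && port <= 6063)
                printf "%s %s :%d\n", $2, $3, port - 6000
        }'
}

# x_tcp_status SOCKSTAT_OUTPUT
#   Prints "listening" if any X display accepts TCP, otherwise "local-only".
x_tcp_status() {
    if [ -n "$(x_tcp_listeners "$1")" ]; then
        echo listening
    else
        echo local-only
    fi
}

# Stand-alone run over the constructed samples.
x_tcp_listeners "$SAMPLE_LISTENING"     # XFree86 512 :0
x_tcp_status "$SAMPLE_LISTENING"        # listening
x_tcp_status "$SAMPLE_LOCAL_ONLY"       # local-only
```

A "listening" result means the server was started without `-nolisten tcp`, wherever that flag is supposed to be coming from (startx or an xserverrc), so it is a quick way to confirm whether a per-user or system-wide override actually took effect.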