Date: Sat, 30 Sep 2000 15:29:17 -0700
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: Roman Shterenzon <roman@xpert.com>
Cc: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, Adam Laurie <adam@algroup.co.uk>, security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <20000930152917.E25121@149.211.6.64.reflexcom.com>
In-Reply-To: <Pine.LNX.4.10.10009302338320.29650-100000@jamus.xpert.com>; from roman@xpert.com on Sat, Sep 30, 2000 at 11:43:20PM +0200
References: <200009301404.e8UE4xU64460@cwsys.cwsent.com> <Pine.LNX.4.10.10009302338320.29650-100000@jamus.xpert.com>

On Sat, Sep 30, 2000 at 11:43:20PM +0200, Roman Shterenzon wrote:

> Still, I think the default should be "insecure" install, since most
> machines are firewalled.

This brings up a funny problem. The people putting up boxes behind firewalls are typically the ones who know what they are doing, your pro and semi-pro sysadmin. They don't need the 'dumb defaults' on the system to turn stuff on for them. They could and often are going to customize that stuff anyway.

The people putting up boxes naked on the net are many times your home coax cable, DSL, etc. users. They are less likely to know what they are doing. They are the ones the dumb defaults are aimed at.

So, we have an interesting situation. The very person the dumb defaults are aimed at, the UNIX newbie, is the same person who is most likely to be running the machine naked on the net and have the least understanding of the security implications of his actions. Worrying about how the default install affects the experienced user is not too much of a concern since the experienced user knows how to turn stuff on and off (but personally, I'd rather have it all off).

I guess I am one of the few that thinks we should default off for the good of the newbie user, rather than save the newbie 5 minutes of RTFM to turn on telnet and ftp.

Just everyone hope no exploit like the recent SGI telnetd bug is ever found hiding in FreeBSD's telnetd.

--
Crist J. Clark cjclark@alum.mit.edu