Date: Tue, 23 Apr 2002 03:21:46 -0700
From: David Schultz <dschultz@uclink.Berkeley.EDU>
To: "Greg 'groggy' Lehey" <grog@FreeBSD.ORG>
Cc: Jochem Kossen <j.kossen@home.nl>, hackers@FreeBSD.ORG
Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
Message-ID: <20020423032146.A490@HAL9000.wox.org>
In-Reply-To: <20020423183452.M6425@wantadilla.lemis.com>; from grog@FreeBSD.ORG on Tue, Apr 23, 2002 at 06:34:52PM +0930
References: <rwatson@FreeBSD.ORG> <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> <200204231009.51297.j.kossen@home.nl> <20020423183452.M6425@wantadilla.lemis.com>

Thus spake Greg 'groggy' Lehey <grog@FreeBSD.ORG>:
> work done.  And you can bet your bottom dollar that somebody coming
> from another UNIX variant and trying out FreeBSD won't do so.  They'll
> just say that it's broken and wander off again.

I agree with this point, in general. FreeBSD shouldn't be like OpenBSD, where everything is so secure by default that you can't get anything done. For example, most people who use X don't know---and don't want to know---how it works. If the defaults are too restrictive, they will be frustrated, and maybe they'll figure out how to make things unrestrictive without understanding what's going on. On the other hand, if the defaults are not cautious enough, the same people will need to apply patches when the next remotely exploitable hole in X is found, and many of them won't bother.

I'm a bit more wary of third-party applications, particularly big ones like X, so disabling TCP connections by default seems like a reasonable thing to do. But it should have been documented in a place where people actually look when they upgrade.