From owner-freebsd-arch Thu Oct 12 19:41:10 2000 Delivered-To: freebsd-arch@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 6E0F737B66D for ; Thu, 12 Oct 2000 19:41:07 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e9D2f3n27700; Thu, 12 Oct 2000 20:41:04 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id UAA74634; Thu, 12 Oct 2000 20:41:03 -0600 (MDT) Message-Id: <200010130241.UAA74634@harmony.village.org> To: Alfred Perlstein Subject: Re: cvs commit: src/etc inetd.conf Cc: Marius Bendiksen , arch@FreeBSD.ORG In-reply-to: Your message of "Thu, 12 Oct 2000 14:28:26 PDT." <20001012142826.U272@fw.wintelcom.net> References: <20001012142826.U272@fw.wintelcom.net> <20001011160604.T272@fw.wintelcom.net> Date: Thu, 12 Oct 2000 20:41:02 -0600 From: Warner Losh Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Since it was people on the Security Officer team that wanted a change, and since we've since come to agreement that the current status quo wrt telnet is desirable, I think we're done with this discussion. Why do people keep taking pot shots when the final resolution has happened, and has been announced? To recapitulate: sysinstall will control inetd starting. telnet will remain enabled in inet.conf until such time as there's a tool that sysinstall, or its successor, can use to config things at install time. So if someone relaly wants things to change, then that person must produce a tool that will allow us to get past the sniping. Otherwise the status quo remains in force with the full support of the FreeBSD Security Officer Team. Yes, we are setting policy. However, the old system also set policy. there was a time when people shipped systems with "+ +" in /etc/hosts.equiv. Times change. There will come a day when telnet is no longer enabled by default and you have to do special things to enable it, just like today you have to do special things to enable the old "I trust everybody" behavior. Today isn't that day. You can call it policy and that we don't set policy, but that would be to ignore history. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message