Date: Sat, 14 Oct 2000 19:51:52 +1100
From: "Andrew Reilly" <areilly@bigpond.net.au>
To: Nik Clayton <nik@FreeBSD.ORG>
Cc: Poul-Henning Kamp <phk@critter.freebsd.dk>, arch@FreeBSD.ORG
Subject: Tools not policies, was: Re: cvs commit: src/etc inetd.conf
Message-ID: <20001014195151.A92603@gurney.reilly.home>
In-Reply-To: <20001013171451.A21236@canyon.nothing-going-on.org>; from nik@FreeBSD.ORG on Fri, Oct 13, 2000 at 05:14:52PM +0100
References: <20001010124352.A54458@dragon.nuxi.com> <73714.971208688@critter> <20001013171451.A21236@canyon.nothing-going-on.org>

On Fri, Oct 13, 2000 at 05:14:52PM +0100, Nik Clayton wrote:
> On Tue, Oct 10, 2000 at 10:11:28PM +0200, Poul-Henning Kamp wrote:
> > FreeBSD: Tools, not policies.
>
> Everybody keeps repeating this like a mantra, but it's ignoring the fact
> that somewhere you have to have a default policy.

It's important to provide all of the tools: that's Unix. It's important that each and every "out of the box" policy be readily changed by users/administrators. That's why most such policies exist as tweakable parameters or shell scripts. It may well be desirable that there be large knobs, that provide a range of "canned" policies.

The days when a widely-distributed OS consisted of tools only, and no (default) policies, are long gone. No-one has the time to tweak it all from scratch: it has to do something sensible out of the box.

Think about it: no policies at all would be like shipping the system with /etc completely bare. Everything that _is_ shipped in /etc currently is default policy. All of /etc/periodic, login.conf, and yes: inetd.conf.

Most of us are comfortable with the default policies, because they reflect Unix tradition. Sometimes the traditional ways are found wanting, and then it's often reasonable to change the default policies. We did so with the rearrangement of periodic, and the creation of /usr/local/etc/rc.d, and turning finger and a bunch of built-in services off in inetd.conf.

I'm not suggesting that telnet (or anything else) should be turned off by default. I am suggesting that "canned" policies are more than useful: they're necessary. We should strive to make them "right" for the widest possible audience. But we shouldn't fool ourselves that by configuring things one way or another that we're not setting policy.

--
Andrew

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message