From owner-freebsd-hackers  Thu Apr 25  8:13: 3 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mail.rapidsite.net (mail.rapidsite.net [207.158.192.62])
	by hub.freebsd.org (Postfix) with SMTP id 0A88837B42A
	for <hackers@FreeBSD.org>; Thu, 25 Apr 2002 08:12:56 -0700 (PDT)
Received: from r00.nat.boca.verio.net (208.55.254.110)
	by mail.rapidsite.net (RS ver 1.0.63s) with SMTP id 06516901;
	Thu, 25 Apr 2002 11:12:41 -0400 (EDT)
Received: from shade.nectar.cc (shade.nectar.cc [127.0.0.1])
	by shade.nectar.cc (8.12.3/8.12.3) with ESMTP id g3PFDf0i007853;
	Thu, 25 Apr 2002 10:13:41 -0500 (CDT)
	(envelope-from nectar@shade.nectar.cc)
Received: (from nectar@localhost)
	by shade.nectar.cc (8.12.3/8.12.3/Submit) id g3PFDdSa007852;
	Thu, 25 Apr 2002 10:13:39 -0500 (CDT)
Date: Thu, 25 Apr 2002 10:13:39 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: "Greg 'groggy' Lehey" <grog@FreeBSD.org>
Cc: Robert Watson <rwatson@FreeBSD.org>,
	Jordan Hubbard <jkh@winston.freebsd.org>,
	Oscar Bonilla <obonilla@galileo.edu>,
	Anthony Schneider <aschneid@mail.slc.edu>,
	Mike Meyer <mwm-dated-1019955884.8b118e@mired.org>,
	hackers@FreeBSD.org
Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
Message-ID: <20020425151339.GB7802@shade.nectar.cc>
References: <20020423131646.I6425@wantadilla.lemis.com> <Pine.NEB.3.96L.1020423110123.64976j-100000@fledge.watson.org> <20020424090655.O6425@wantadilla.lemis.com> <20020424122754.GC42969@madman.nectar.cc> <20020425120259.B79657@wantadilla.lemis.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020425120259.B79657@wantadilla.lemis.com>
User-Agent: Mutt/1.3.28i
X-Url: http://www.nectar.cc/
X-Loop-Detect: 1
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Thu, Apr 25, 2002 at 12:02:59PM +0930, Greg 'groggy' Lehey wrote:
> > I think it would be better to just put `-nolisten tcp' in
> > /usr/X11R6/lib/X11/xinit/xserverrc for new installations only.  Then
> > the system administrator could easily override it for all users; and
> > at least a user can override it for herself.
> 
> If he knew about it.  

It's the old documentation trick.

> Look at my last message to Terry: we're talking
> about a package we don't control here.  If somebody comes to FreeBSD
> from another system and X doesn't work the way he expects, he'll blame
> FreeBSD, not X.

Well then we are sunk.

I object to breaking currently working installations.  I think it's OK
to use better defaults for new installations.

This is a hard issue for me to argue, because I consider this
particular change to be of questionable value.

> > Disclosure: I'm unhappy that after upgrading my laptop yesterday, I
> > found I couldn't run `x2x',
> 
> Because of this issue?
> 

Right.

> > and had to restart my X session to remedy the problem.
> 
> At least you knew what the problem was.

Well, I've been running X for 10+ years.  I guess I know what to look
for.

Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc>                     http://www.nectar.cc/
NTT/Verio SME           .      FreeBSD UNIX      .        Heimdal Kerberos
jvidrine@verio.net      .   nectar@FreeBSD.org   .           nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message