Re: [POSSIBLE GRAVE SECURITY HOLD]

To: debian-devel@lists.debian.org
Subject: Re: [POSSIBLE GRAVE SECURITY HOLD]
From: Michael Meskes <meskes@debian.org>
Date: Wed, 2 Feb 2000 18:04:59 +0100
Message-id: <20000202180459.B1083@fam-meskes.de>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <2000-02-02-11-38-12+trackit+sam@debian.org>; from sam@debian.org on Wed, Feb 02, 2000 at 11:38:12AM +0100
References: <2000-02-02-11-38-12+trackit+sam@debian.org>

On Wed, Feb 02, 2000 at 11:38:12AM +0100, Samuel Tardieu wrote:
> Given that some of us (maybe all, this is not a flame, just a disagrement)
> do believe that this is an unacceptable security issue for Debian, I would
> like to get developers opinion on this.

I do agree that it is a security hole but I also do believe that it should
not be fixed by default. After all when I install the machine from floppy
and something goes wrong this might become a needed option. But it should be
well documented. I think this should be treated similar to the lilo password
setting. It is not enabled per default but documented so everyone who needs
to secure lilo knows how to do it.

Michael

-- 
Michael Meskes                         | Go SF 49ers!
Th.-Heuss-Str. 61, D-41812 Erkelenz    | Go Rhein Fire!
Tel.: (+49) 2431/72651                 | Use Debian GNU/Linux!
Email: Michael@Fam-Meskes.De           | Use PostgreSQL!

Reply to:

References:
- [POSSIBLE GRAVE SECURITY HOLD]
  - From: Samuel Tardieu <sam@debian.org>

Prev by Date: Re: Just discovered big bug!
Next by Date: Re: [POSSIBLE GRAVE SECURITY HOLD]
Previous by thread: Re: [POSSIBLE GRAVE SECURITY HOLD]
Next by thread: Re: [POSSIBLE GRAVE SECURITY HOLD]
Index(es):
- Date
- Thread