
Re: [POSSIBLE GRAVE SECURITY HOLD]



On 2 Feb 2000, John Goerzen wrote:

> And as numerous people, including myself, have pointed out, it already
> exists and explains the situation in a sufficient manner.

Maybe; but two points

1) who the heck thinks of checking the MBR documentation? I'd never even
suspect it behaves any different than os/2 mbr, win mbr, whatnot mbr.

2) Even if the majority agrees to keep mbr as a default installation,
where the hell is it gonna hurt anybody if you get a popup upon setting up
mbr that says something to the effect of, "MBR makes it possible to boot
from floppy; please check /usr/share/doc/mbr/whatever.txt for more
information." ?!?


This argument is getting really, really stupid. We should try to make a
Debian which is as secure as possible. Too much security won't ever hurt
you; too little will come back to haunt you one day.


And no, most people do not have time to read all 4000+ Debian packages'
readmes to the last line. They expect reasonably secure defaults; defaults
that will not screw up everything or at least give them a choice. Or a
fair warning.


Yes, the mbr problem doesn't affect most Debian users, I presume. But what
frightens me MUCH more is the attitude some are displaying here.

"Sure, here's an insecure default. Why, you could've Read The Fucking
Manual and fixed it. We don't care, it's your problem."

What next? Make anonymous ftp the default? Use tftp maybe? ;)
Everybody can check the readme on how to disable it, right?





PS - 
Maybe you should think about why people use distributions in the first
place? After all, they could just read all the docs and build their systems
from tarballs ;-)


