Re: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]

To: Daniel Burrows <Daniel_Burrows@brown.edu>, 56821@bugs.debian.org
Cc: John Goerzen <jgoerzen@complete.org>, Pierre Beyssac <beyssac@enst.fr>, Samuel Tardieu <sam@debian.org>, Adam Di Carlo <adam@onshore.com>, quinot@enst.fr, debian-devel@lists.debian.org
Subject: Re: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
From: Stephane Bortzmeyer <bortzmeyer@pasteur.fr>
Date: Thu, 03 Feb 2000 09:56:44 +0100
Message-id: <200002030856.JAA21480@ezili.sis.pasteur.fr>
In-reply-to: <20000202181713.A6159@brown.edu> (Daniel Burrows <Daniel_Burrows@brown.edu>'s message of Wed, 02 Feb 2000 18:17:13 EST)

On Wednesday 2 February 2000, at 18 h 17, the keyboard of Daniel Burrows 
<Daniel_Burrows@brown.edu> wrote:

>   This thread was the first -- the *first* -- time that I even realized that the
> default Debian install didn't put LILO on the MBR but used the mbr package

This is certainly true of most Debian administrators. Ask yourself: "Where you 
aware that *any* precaution you take, such as setting a BIOS password, locking 
the box, or adding a password in LILO was useless?"

The reaction of Ben Collins reminded me Dan Bernstein when a flaw was 
discovered in qmail: even if 99 % of the users of qmail did it the wrong way, 
Bernstain always claimed that they should have read the documentation and do 
otherwise than the default.

This is the sort of attitude I expect from *BSD, where every user is supposed 
to be, like the Adam Smith consumer, perfectly knowledgeable about anything. 
But this is not a proper attitude for Debian, whose purpose is to let users 
spend less time with the setup of the system.

Reply to:

Follow-Ups:
- Re: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
  - From: John Goerzen <jgoerzen@complete.org>

Prev by Date: Re: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
Next by Date: technical suggestion to resolve the mbr issue
Previous by thread: Re: Broken kernel-package?
Next by thread: Re: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
Index(es):
- Date
- Thread