Re: Securing a Debian machine

To: debian-devel@lists.debian.org
Subject: Re: Securing a Debian machine
From: Mike Markley <mike@markley.org>
Date: Thu, 3 Feb 2000 11:50:25 -0500
Message-id: <20000203115025.B21357@madhack.com>
In-reply-to: <874sbrj8sf.fsf@glaurung.green-gryphon.com>; from srivasta@debian.org on Wed, Feb 02, 2000 at 08:53:52PM -0600
References: <2000-02-02-11-38-12+trackit+sam@debian.org> <87vh47k3v1.fsf@erwin.complete.org> <20000202121129.C29600@landru.math.uwaterloo.ca> <20000202165048.C16430@justice.loyola.edu> <874sbrj8sf.fsf@glaurung.green-gryphon.com>

I beg of you all, could this holy war be taken back to the Re: [POSSIBLE
GRAVE SECURITY HOLD] thread? I'm probably not the only one with no desire to
setup yet another procmail rule for another thread...

On Wed, Feb 02, 2000 at 08:53:52PM -0600, Manoj Srivastava wrote:
> >>"Michael" == Michael Stone <mstone@debian.org> writes:
> 
>  Michael> On Wed, Feb 02, 2000 at 12:11:29PM -0500, James A. Treacy wrote:
>  >> I propose we do the following:
>  >> - leave mbr as it currently stands. Most users are worried about
> 
>  Michael> Why would we do that? I have yet to see anyone justify why
>  Michael> mbr is good for a default install (rather than as an
>  Michael> optional package.) Even leaving the security issue alone,
>  Michael> the 2FA: prompt is confusing for people who hit shift in
>  Michael> hopes of seeing a lilo: prompt.
> 
>         You want justification? Well, someone rebooted a computer
>  without rerunning LILO, and having had installed a SCSI disk. The
>  machine stopped with the MBR prompt; and the floppy option saved our
>  butts. It was a lifesaver; since we were in a timefcritical Demo
>  scenario.
> 
>         The MBR features are just that: features, and some of us like
>  them the way they are. Most installations are happy with lower
>  security than requiring the floppy bott be disabled, and for these
>  folks this is a feature that can be useful.
> 
>         Since we should be targetting the defaults for the most common
>  case anyway, I say that the current MBR is justified.
> 
>         manoj
> -- 
>  I went to my mother and told her I intended to commence a different
>  life.  I asked for and obtained her blessing and at once commenced
>  the career of a robber. Tiburcio Vasquez
> Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
> 1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
> 1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

-- 
Mike Markley <mike@markley.org>
PGP: 0xA9592D4D 62 A7 11 E2 23 AD 4F 57  27 05 1A 76 56 92 D5 F6
GPG: 0x3B047084 7FC7 0DC0 EF31 DF83 7313  FE2B 77A8 F36A 3B04 7084

Landru! Guide us!
- A Beta 3-oid, "The Return of the Archons", stardate 3157.4

Reply to:

References:
- [POSSIBLE GRAVE SECURITY HOLD]
  - From: Samuel Tardieu <sam@debian.org>
- Re: [POSSIBLE GRAVE SECURITY HOLD]
  - From: John Goerzen <jgoerzen@complete.org>
- Securing a Debian machine
  - From: "James A. Treacy" <treacy@debian.org>
- Re: Securing a Debian machine
  - From: Michael Stone <mstone@debian.org>
- Re: Securing a Debian machine
  - From: Manoj Srivastava <srivasta@debian.org>

Prev by Date: Re: Boot floppies 2.2.6 has been uploaded.
Next by Date: Re: [POSSIBLE GRAVE SECURITY HOLD]
Previous by thread: Re: Securing a Debian machine
Next by thread: Re: Securing a Debian machine
Index(es):
- Date
- Thread