thus spoke Marco d'Itri <m...@linux.it> [2015-04-07 22:22 +0200]:
> > is your position unchanged?
> Yes, since the arguments against this configuration that have been
> presented so far can be summarized in "OMG Google!!!1!".

This is not the argument I brought forth. To me, reaching out to a third party to make it work out of the box even without the admin's help is not acceptable.

We may work hard to configure our services to provide sensible defaults, but the tendency is still not to turn them on by default. Our MTAs don't have default mail relays. We don't enable AVAHI nor do we install cups-browsed to make things work out of the box. We change upstream software to ensure as much as possible that we don't leak data. We file bug reports against packages linking images from remote web servers to prevent this leakage (cf. e.g. mailman), etc.…

In fact, the only software I know that uses defaults for out-of-the-box operation (apart from all the desktop-ware, which is a different beast) is ntpd using pool.ntp.org, but this is a project started by a DD and uses sufficiently random delegation.

> If you feel the need to further pursue this then please explain in
> detail the threat model that you are trying to address and how the
> current default configuration would be worse than other default
> configurations.

In general, Debian has always taken a no-magic-no-frills approach. If you don't configure it, it does not work.

In the currently discussed case, your choice means that DNS configuration might be regarded as secondary priority. Meanwhile, some might argue that Google can collect more data and while I also don't want to fuel that beast, more importantly it means that I give Google the power over my DNS lookups, and who knows what that may entail. This is a company that uses JavaScript to disguise click-tracking from your view and Google DNS has not always remained partial to disputes involving political powers.

So no, no concrete threat model. But I hope I was able to argue that one is not necessary. The default should be with Debian philosophy and that has always adhered to the principle of least surprise.
In this case, unless DNS is provided or configured, I'd consider it an unpleasant surprise to find out that we are officially routing our users through a commercial, 3rd party entity, whatever they're called.

-- 
 .''`.   martin f. krafft <madduck@d.o>      @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems

"... but all propositions of logic say the same thing. namely, nothing."
                                                        -- wittgenstein