On Thu, Feb 02, 2017 at 02:25:25PM +0000, Mike Crowe wrote:
> On Friday 27 January 2017 at 09:48:22 +0100, Uwe Kleine-König wrote:
> > Independent of this changing the default TFTP_ADDRESS to ":69" to get
> > ipv6 connectivity would be nice. Or maybe still better to ":tftp".
> 
> Indeed. As I wrote in message #95, the debconf question for TFTP_ADDRESS
> even implies that the current default value will support IPv6, when it does
> not.

That's most probably just an oversight from between when that prompt
was first written and when IPv6 support was actually added.  But that
predates my involvement here, so I can't say for sure.

That said, it also doesn't seem entirely unreasonable for anyone
configuring a service like this to know that 0.0.0.0 is an IPv4
address ...  which might be related to how it got overlooked ...


> If Ron will accept it, then I can update the patch in Message #100 to say
> ":tftp" rather than ":69".

It's ok, I don't need a patch to change the default.  The real question
for this bug (as I think I've said a few times now), is *what* it should
be changed to if we change it.

You've been unambiguous about your preference being that the default
should match your preferred use case - but given that we've now got
people saying they are running this on laptops, I think there's also
a strong case to be made that the default should actually be *more*
restrictive than it currently is.

Historically, TFTP was only ever used on trusted LAN ports, to provide
boot and configuration files for bare and dumb devices.  So binding
to all interfaces and assuming they are trusted wasn't an unreasonable
default.

But given that these days, those files can increasingly contain
sensitive data, like plaintext admin passwords for dumb embedded
devices - and that there is no other access control aside from what
ports you bind this to and how that machine is firewalled - it does
seem irresponsible to open that by default, for naive users who
might carry their laptop around and use it on random untrusted
networks.

Real admins with real servers are going to know how to preseed this
to use their own preference, or are going to be using other tools
to maintain their system configuration anyway.  So maybe we should
err on the side of 'forcing' naive users to explicitly make it more
permissive if that's what they really want, rather than just opening
it to everyone before they've even had a chance to read the man page.


> Is there any chance we can get this into Stretch?

Given that it's increasingly clear that there isn't actually a 'bug'
in this software, just the minor question of whether the default
configuration is still appropriate for expected use(r)s in 2017, it
doesn't seem all that likely that the release team would want to
accept such a change now even if I was convinced we certainly knew
the definitively right answer and pushed it.

If you want to fix the symptom for Stretch, you'd be better off
filing an RC bug against NM for the issue affecting it.

If you really want :69 as your local config for other reasons, you
can already do that today.


Right now, I'm basically seeing 3 options for how to 'close' this
issue here now:

 - Make the default more restrictive, raise the priority of the
   debconf question so more people actually see it, and include
   some explanation of why it's restrictive, and what you might
   want to change it to for particular use cases.

 - Leave the default as is, but tweak the prompt text to be a
   bit clearer (and maybe still raise the priority).

 - Make the default completely permissive as you're suggesting
   and just let anyone who gets burned by that learn their
   mistake The Hard Way.

And if I had to rank them by the amount of (potentially justified)
vitriol that the hate mail I'll get from people who don't like the
new default because it somehow inconvenienced them will contain ...

... then the first one starts looking like a pretty attractive
option ...  and I'm not really sure what arguments to the contrary
might change that.

I'm willing to listen to any that we haven't already heard (I haven't
forgotten them, there's no need to repeat them), and I'm far from
being completely convinced that's a Great Answer.  But it might
really be the Least Worst one for today, all things considered.


  Cheers,
  Ron
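
The exposure question discussed in this message, as an added example that is not part of the original e-mail or of the package: a small audit that reads TFTP_ADDRESS from a defaults file and reports whether the value binds every interface, and for which address family. It assumes the value has the form [address][:port] with numeric IPv6 addresses in square brackets; the sample file contents and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of a defaults file (not taken from the thread).
SAMPLE = '''\
# /etc/default/tftpd-hpa
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="0.0.0.0:69"
'''

def read_tftp_address(text):
    """Return the TFTP_ADDRESS value from shell-style KEY="value" lines."""
    for line in text.splitlines():
        m = re.match(r'\s*TFTP_ADDRESS=(["\']?)(.*)\1\s*$', line)
        if m:
            return m.group(2)
    return None  # variable not set (or only present in a comment)

def classify(value):
    """Return (host, family, exposure) for an [address][:port] value."""
    # Assumption: IPv6 literals are bracketed so the port colon is unambiguous.
    m = re.fullmatch(r'(?:\[([^\]]+)\]|([^:\[\]]*))(?::([\w-]+))?', value.strip())
    if not m:
        raise ValueError(f"unparseable TFTP_ADDRESS: {value!r}")
    host = m.group(1) or m.group(2) or ""
    if host == "":
        # No address part, e.g. ":69" or ":tftp": the form the thread
        # proposes in order to get IPv6 connectivity as well as IPv4.
        return host, "IPv4+IPv6", "all interfaces"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host, "unknown", "hostname, check what it resolves to"
    family = "IPv6" if ip.version == 6 else "IPv4"
    if ip.is_unspecified:
        return host, family, "all interfaces"
    if ip.is_loopback:
        return host, family, "loopback only"
    return host, family, "single address"

if __name__ == "__main__":
    for candidate in (read_tftp_address(SAMPLE), ":69", "127.0.0.1:69"):
        print(candidate, "->", classify(candidate))
```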
