also sprach b...@bc-bd.org <b...@bc-bd.org> [2010.02.01.2237 +1300]: > Well, this feels to me like trying to prove a negative, which is > always hard or impossible.
Actually, I thought that is what we are doing now: the impossible. Think about a firewall: there, you'd configure it to REJECT all packages it does not ACCEPT. So why should molly-guard not be equally careful and REJECT (ask for confirmation) everything except when it knows for sure that it can ACCEPT (continue without confirmation)? > a) Should it protect you from shuting down a/the wrong _remote_ machine? > > or > > b) Should it protect you from shuting down _the wrong_ machine? > > If a), well it fails when ssh is run from screen, which makes it unusable at > least for me, because it provides me with a false feeling of security. > > If b), then it's more of a --hostname approach. (b) is already handled with ALWAYS_QUERY_HOSTNAME. -- .''`. martin f. krafft <madd...@d.o> Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduck http://vcs-pkg.org `- Debian - when you have better things to do than fixing systems "ah, but a man's reach should exceed his grasp, or what's a heaven for?" -- robert browning
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)
