On Tue, Feb 02, 2010 at 08:32:20AM +1300, martin f krafft wrote:
> also sprach b...@bc-bd.org <b...@bc-bd.org> [2010.02.01.2237 +1300]:
> > Well, this feels to me like trying to prove a negative, which is
> > always hard or impossible.
>
> Actually, I thought that is what we are doing now: the impossible.
>
> Think about a firewall: there, you'd configure it to REJECT all
> packages it does not ACCEPT. So why should molly-guard not be
> equally careful and REJECT (ask for confirmation) everything except
> when it knows for sure that it can ACCEPT (continue without
> confirmation)?
As I see it, a Firewall tests for the presence of things (certain port, IP,
protocol, etc) molly-guard tests for the absence of things (ssh ENV, etc).
Now, to get back to what this bug was originally about.
I still think the patch is a valuable addition to molly-guard, as it fixes a
problem I and maybe others have. I think that holding this patch back because
you feel molly-guard needs to be rewritten is the wrong thing to do.
regards
Stefan
--
BOFH excuse #239:
CPU needs bearings repacked
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
