Hi Santiago.
You'll find a post at d-d very soon. Please do not feel that it is about to attack you....

On Sat, 2010-05-15 at 01:51 +0200, Santiago Vila wrote:
> Please note that the argument was not just "everybody can change it",
> but instead "A lot of people consider the new default to be better than
> the old one, and those who do not consider it better can change it anyway".

...I was aware of the thread there and that you just did what a majority wanted... Nevertheless,... the majority is not always right (especially in terms of security issues)...

> Your example would be good if there were a significant number of people
> in favour of installing telnetd by default, or in favour of adding any
> user to the root group by default, but I guess such is not the case.

Well,.. probably. Anyway,.. I see a trend in Debian to open up more and more and I'd say Debian should be secure and hardened by default. That's why I'd always choose hardened config, even if the majority of all users will have to change it.

> On systems with User Private Groups, like Debian, 002 is as secure as 022.

At first glance it seems so, at least as long as no one adds user B to user A's group... but I'm sceptical that we've really seen all follow-ups and side effects of such a change.

btw: Is there any other distro which has 002 as default? At least none I'd know about...

> > Well I do not "complain" for myself. I noticed the change and could
> > simply keep the old scheme or even 077.
> Exactly. I will keep 022 in my system.

So do you, personally, think that it's a good change?

> Obviously not. I just wanted you to realize that having a bug saying
> "you should do this" and another one saying "you should not do this"
> at the same time is not nice at all.

I did not see this in the first place, so sorry for that.

Cheers,
Chris.
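The condition discussed in the message above (a user-private group that has gained a second member, which is when umask 002 and 022 stop being equivalent) can be checked mechanically. The following is an added example, not part of the original e-mail: the passwd/group data is constructed, and the function names are hypothetical.

```python
# Constructed sample data in /etc/passwd and /etc/group format (not from a real system).
PASSWD = """\
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
dave:x:1003:1000::/home/dave:/bin/bash
"""
GROUP = """\
alice:x:1000:bob
bob:x:1001:
carol:x:1002:carol
staff:x:50:alice,bob
"""

def shared_private_groups(passwd_text, group_text):
    """Map each user-private group to the other accounts that belong to it."""
    primary = {}  # user name -> primary gid
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) >= 4:
            primary[f[0]] = int(f[3])
    findings = {}
    for line in group_text.splitlines():
        f = line.split(":")
        if len(f) < 4:
            continue
        name, gid = f[0], int(f[2])
        # UPG convention: group named after the user and used as that user's primary group.
        if primary.get(name) != gid:
            continue
        members = {m for m in f[3].split(",") if m}            # supplementary members
        members |= {u for u, g in primary.items() if g == gid}  # members via primary gid
        extra = sorted(members - {name})
        if extra:
            findings[name] = extra
    return findings

def new_file_mode(umask):
    """Permission bits of a file created with the usual 0666 request."""
    return 0o666 & ~umask

def report(passwd_text, group_text):
    """One row per (owner, umask): which accounts share the group, and can they write?"""
    rows = []
    for owner, extra in shared_private_groups(passwd_text, group_text).items():
        for um in (0o022, 0o002):
            group_writable = bool(new_file_mode(um) & 0o020)
            rows.append((owner, f"{um:03o}", tuple(extra), group_writable))
    return rows

if __name__ == "__main__":
    for row in report(PASSWD, GROUP):
        print(row)
```

In the constructed data only alice's group is shared, both through a supplementary member (bob) and through another account's primary gid (dave); with umask 002 her new files are writable by both.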