Re: We need a new subject- bug fixes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Today Les Mikesell did spake thusly:
Absolutely not! The way people using a distribution get updates is with 'yum update' or the equivalent. Otherwise, only experts will have anything updated. And the config files should be constructed such that most local changes are merged from /etc/sysconfig and thus updated files in an RPM can replace the previous unmodified copies.
so if an exploit is discovered we should just sit back and be hacked until someone else fixes it for us? That's just plain lazy
Remember the problems with RPC and windows being exploited? And the ones with remote P&P and the remote registry hacks? All services running on windows boxes that were unknown to the average user...
What does this have to do with a standard well documented service and the complaint that it can't be activated without modifying a config file that most people won't understand - and are likely to get wrong.
You _uncomment a single line_ which is immensely well documented inside the file itself. Most people understand that when using linux and wanting things to work one has to modify the config files...
dnl # The following causes sendmail to only listen on the IPv4 loopback address 
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Sendmail is installed by default, you seem to want to have it able to connect to the internet by default too, I'd say this isn't what most users will require of it, indeed, many users don't even bother with sendmail. Therefore it shouldn't be the default. Or people will get exploited. Because we aim, by default, to have few open ports.
The point of security is to have as few ways to compromise a system available by default as possible. It makes sense to have a feature not available by default that isn't going to be needed by the majority of users, no? 

--
Scott van Looy - email:me@xxxxxxxxxxxxxx | web:www.ethosuk.org.uk
site:www.freakcity.net - the in place for outcasts since 2003
PGP Fingerprint: 7180 5543 C6C4 747B 7E74  802C 7CF9 E526 44D9 D4A7
      -------------------------------------------
      |/// /// /// /// WIDE LOAD /// /// /// ///|
      -------------------------------------------

Neglect of duty does not cease, by repetition, to be neglect of duty.
		-- Napoleon
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux