Re: From release notes for FC5T3 (web)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2006-03-06 at 17:59, Michael H. Warfield wrote:

> 	In the security business, we have and expression for people like you.
> Those people who use the "install everything" button just because they
> "might" want something in the future (and then forget they installed it,
> if they even realize they installed it to begin with).
> 
> 	We dub thee "owned".

As I said back a few messages, this is not what you want on
a production server.  However, if you don't try the new stuff
somewhere, how are you ever going to know if it will improve
your production or not?

> 	The funny thing is that (and I've seen this in this thread) most of the
> time people will use the argument that the newbie user is the one who
> needs the "install everything" option, because they don't know what they
> want, so they'll be sure to get it.  They are EXACTLY the LAST people
> who need or should use that damn thing.  They are the MOST likely to get
> burned by it (and I've spent too much time helping newbies fix broken
> systems what would not have been broken into if they had only installed
> what they needed).

The people who need it are the ones deciding what needs to
run in production next month.  A lot of people are doing a lot
of work writing this stuff. Do you want only your competitors
to be using it?

>  Fine, now we are much more careful that
> "installed" services are not "enabled" services until you take some
> action.  And the firewall defaults definitely help.  But what about
> Apache add ons (like PHP et al).

What about them?  Name *one* service that hasn't had security
issues.  They get found and fixed only after people start
using them.  Speeding up that process helps us all.

> 	I've preached for years that one of the worst security vulnerability in
> many Linux distributions was the "install everything" button.  That
> remains true to this day.  Ignorance WILL bite you.

If a distribution contains security flaws they need to be fixed,
not ignored.

-- 
  Les Mikesell
    lesmikesell@xxxxxxxxx



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux