re: CVS commit: src/etc

To: Robert Elz <kre%munnari.OZ.AU@localhost>
Subject: re: CVS commit: src/etc
From: matthew green <mrg%eterna.com.au@localhost>
Date: Mon, 14 Jan 2019 11:59:51 +1100

>   | i don't want to allow [...]
> 
> People, once again, a big meaningless discussion on what the
> default configuration should be.    We should work out what will
> be most useful to most naive users, and make that be the default,
> regardless of what any of us want.

i don't agree with this.

if we were going to make things easy for naive users we'd give
up almost any pretense of security at all.  i'm not talking about
general configuration, but security configuration.

AFAICT, we care a lot about security.  allowing network configuration
to be done by some new class of users is not what i consider a
secure default.  at the very least, this point must be considered
and chosen, rather than some contested commit enabling it.

infact, i was trying to say it would be great if this worked better
out of the box -- but i don't see why non-root should be allowed to
change network configuration by default.  wheel is a stepping stone
in the security layering, please don't skip over it.


.mrg.

Follow-Ups:
- Re: CVS commit: src/etc
  - From: Robert Elz

References:
- Re: CVS commit: src/etc
  - From: Robert Elz

Prev by Date: Re: CVS commit: src/etc
Next by Date: Re: CVS commit: src/etc
Previous by Thread: Re: CVS commit: src/etc
Next by Thread: Re: CVS commit: src/etc
Indexes:

Home | Main Index | Thread Index | Old Index