--BRE3mIcgqKzpedwo
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Aug 30, 2005 at 12:33:34PM +0200, Juan RP wrote:
> On Mon, 29 Aug 2005 23:46:38 -0400 (EDT)
> der Mouse <mouse@Rodents.Montreal.QC.CA> wrote:
>=20
> > The only downside I see to it is user confusion, both intra-NetBSD
> > ("why two variables for the same thing?") and inter-BSD ("why are Net
> > and Free different here?").
> >=20
> > I prefer positive names too, in isolation - but I think inter-BSD
> > compatability is the stronger force here.
>=20
> I agree here: positive names and two nodes (showproc/showinet).

I don't care about positive vs. negative. Sounds like "show" is more=20
prefered, which is fine with me.

However why two knobs? I already can envision a third (see file=20
descriptors, a la fstat), and I expect someone else will find a fourth.

Please, please, please explain to me why we would want to set one of the=20
knobs and not others.

Yes, I see an artistic beauty to having fine-grained knobs. But we are
talking about security policy, and I think that we and our admins will=20
have a better operational experience if we have one knob. At least until=20
we find real-world examples of why folks want one knob enabled and others=
=20
disabled.

All the models I can come up with about hiding either processes or sockets=
=20
(or file descriptors) really want them all hidden. When is it good for a=20
user to not be able to see processes or file descriptors yet still be able=
=20
to tell that some process has port tcp/80 open? :-)

Take care,

Bill

--BRE3mIcgqKzpedwo
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)

iD8DBQFDFKOLWz+3JHUci9cRAigOAKCAiOe0LjG9mbX+icyPdaAnXuy6MgCgijXm
J7+XPBfx3d5EsjYKjuauaXQ=
=v5BB
-----END PGP SIGNATURE-----

--BRE3mIcgqKzpedwo--