>> idea. Think about systems which are not allowed to be modified or
>> what if every new installation connects to a server for getting it at
>> the same time. Or what if such systems have no packages at all installed.
[...]
> If NetBSD ships with obvious security features that are switched off by
> default, people will not be happy when they get hacked in a way that they
> could have been prevented. The question shouldn't be "should we turn
> these features on?", but "how do we turn them on without annoying
> people?".

That'll become more difficult :)

From an administrator's point of view I would like to see prepared configuration settings for this. Hubert mentioned daily.conf as a way to include these features. Here are my thoughts on this (admin view):

1.) Updating the vuln file

As I am the admin of the server I know if this server is connected to the internet and if the vuln list should be downloaded on a daily basis from TNF or if I want to set up an internal infrastructure with a mirror for this file. At my site we run 6 servers with pkgsrc packages installed (no NetBSD tho) and I want to mirror the vuln file internally as 5 servers can't access netbsd.org directly. I also want to set up an automatic check with gpg so that I know if this file is correctly signed or not.

2.) Checking the packages

I don't want this on any server. I am using a central server with all the needed packages installed on. So if this server has vulnerable packages on, all the other servers will be vulnerable, too. So I just want to check only one server.

3.) Load for TNF

That's a problem - true. I like the idea of randomness. We should add a "splay" time so that not every client in a timezone nails netbsd.org with requests at the same time. What about some dns magic for that? We could set up a round-robin dns for the mirrors so that the vuln file will be requested for a set of mirrors.

My conclusions: I like the idea for the automatic download and the automatic check for vulnerabilities. However, I would like to see them as tasks for daily.conf and disabled but well configured by default. Leave the decision if a NetBSD installation is checked by the admin of the system.

- Uli
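The splay delay and the signature check discussed in the message above, sketched as an added example that is not part of the original post and is not NetBSD's or pkgsrc's own script. Assumptions: the function names are hypothetical, the delay is derived from the hostname rather than from a random source, the vuln file comes with a detached signature, and verification uses gpgv (GnuPG's verify-only tool) against an admin-managed keyring.

```shell
#!/bin/sh
# Added example: hypothetical helpers for a daily vulnerability-list update.

# Print a per-host delay in [0, window) seconds derived from the hostname,
# so clients in one timezone do not all fetch at the same moment.
# The same host always gets the same offset; different hosts spread out.
splay_seconds() {
    host=$1 window=$2
    crc=$(printf '%s' "$host" | cksum | cut -d' ' -f1)
    echo $((crc % window))
}

# Replace $dest with $new only if $sig is a valid detached signature over
# $new made by a key in $keyring (assumption: detached signature file).
# gpgv trusts only the keys in the keyring it is given, nothing else.
install_if_signed() {
    new=$1 sig=$2 keyring=$3 dest=$4
    if ! gpgv --keyring "$keyring" "$sig" "$new" >/dev/null 2>&1; then
        echo "vuln list: signature check FAILED, keeping old file" >&2
        return 1
    fi
    # Stage next to the destination so the final rename is atomic.
    tmp="$dest.new.$$"
    cp "$new" "$tmp" && mv "$tmp" "$dest"
}

# Constructed usage (paths are placeholders, fetch step left to the admin):
#   sleep "$(splay_seconds "$(hostname)" 3600)"
#   ...fetch vuln file and signature from the internal mirror into /tmp...
#   install_if_signed /tmp/vulns /tmp/vulns.sig /path/to/keyring.gpg /path/to/vulns
```

On a failed check the previously installed list stays in place, so the package audit on the central server keeps running against the last verified copy.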