Re: fetch_pkg_vulnerabilities enabled by default (was: CVS commit: src/etc)

[Alan Barrett <apb%cequrux.com@localhost>]

On Wed, 20 Jan 2010, Julio Merino wrote:
> On Wed, Jan 20, 2010 at 7:23 AM, Bernd Ernesti <veego%netbsd.org@localhost> 
> wrote:
> > On Tue, Jan 19, 2010 at 10:08:11PM +0000, Julio M. Merino Vidal wrote:
> >> Add the check_pkg_vulnerabilities and check_pkg_signatures options
> >> to the security script to check that the installed packages are
> >> sane.

Great!

> >> All of these options are enabled by default but they will only run
> >> if there is, at least, one installed package.
> >
> > I object for enabling that by default and you haven't answered my
> > concerns when you brought this up.

Nothing in NetBSD should phone home by default.

It would be fine if it added a warning to the security report by
default.  (e.g. "Warning: <option> is turned off, and that's bad because
<reason>; do <this> to turn it on or <that> to never be reminded
again".)

> The fact that we didn't do such a thing in the past is not an excuse
> not to do it now.

The fact that we used to care about users' privacy is not an excuse to
stop doing so now.

> It's not like other OSes never call home to get updates or other
> stuff.  And they do frequently, with much more users than us, and they
> cope with it.

That's a reason not to worry too much about the performance impact of
having everybody turn this option on, but it's not not a reason to turn
it on by default (which implies, to stop caring about users' privacy).

--apb (Alan Barrett)