Re: fetch_pkg_vulnerabilities enabled by default (was: CVS commit: src/etc)
On Wed, 20 Jan 2010, Julio Merino wrote:
> On Wed, Jan 20, 2010 at 7:23 AM, Bernd Ernesti <veego%netbsd.org@localhost>
> > On Tue, Jan 19, 2010 at 10:08:11PM +0000, Julio M. Merino Vidal wrote:
> >> Add the check_pkg_vulnerabilities and check_pkg_signatures options
> >> to the security script to check that the installed packages are
> >> sane.
> >> All of these options are enabled by default but they will only run
> >> if there is, at least, one installed package.
> > I object to enabling that by default and you haven't answered my
> > concerns when you brought this up.
Nothing in NetBSD should phone home by default.
It would be fine if it added a warning to the security report by
default. (e.g. "Warning: <option> is turned off, and that's bad because
<reason>; do <this> to turn it on or <that> to never be reminded
> The fact that we didn't do such a thing in the past is not an excuse
> not to do it now.
The fact that we used to care about users' privacy is not an excuse to
stop doing so now.
> It's not like other OSes never call home to get updates or other
> stuff. And they do frequently, with many more users than us, and they
> cope with it.
That's a reason not to worry too much about the performance impact of
having everybody turn this option on, but it's not a reason to turn
it on by default (which implies, to stop caring about users' privacy).
--apb (Alan Barrett)