tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: fetch_pkg_vulnerabilities enabled by default (was: CVS commit: src/etc)

On Wed, Jan 20, 2010 at 03:17:44PM +0200, Alan Barrett wrote:
> > >> All of these options are enabled by default but they will only run
> > >> if there is, at least, one installed package.
> > >
> > > I object for enabling that by default and you haven't answered my
> > > concerns when you brought this up.
> Nothing in NetBSD should phone home by default.

"Phone home" is strong for fetching a file. The biggest privacy leak is
"oh, there is a pkgsrc user". I think it should be annotated in the
release notes as such, but I fully agree with Julio that it should be
enabled by default.

> > It's not like other OSes never call home to get updates or other
> > stuff.  And they do frequently, with much more users than us, and they
> > cope with it.
> That's a reason not to worry too much about the performance impact of
> having everybody turn this option on, but it's not not a reason to turn
> it on by default (which implies, to stop caring about users' privacy).

Can we just leave out the ridicilous "load" argument. This is not even
using FTP by default.


Home | Main Index | Thread Index | Old Index