Subject: Re: Weekly BSD Security Digest 2000/07/10 to 2000/07/16
To: RJ Atkinson <rja@inet.org>
From: Perry E. Metzger <perry@wasabisystems.com>
List: tech-security
Date: 07/24/2000 13:07:21
Cc: hubert.feyrer@informatik.fh-regensburg.de, tech-x11@netbsd.org,
	tech-security@netbsd.org
References: <Hubert Feyrer's message of "Fri, 21 Jul 2000 03:16:47 +0200 (MET DST)"> <Pine.GSO.4.10.10007210313510.11355-100000@rfhpc8320.fh-regensburg.de> <4.2.0.58.20000724105622.00990ed0@avarice.inner.net>
Date: 24 Jul 2000 13:07:21 -0400
In-Reply-To: RJ Atkinson's message of "Mon, 24 Jul 2000 10:59:00 -0400"
Message-ID: <87puo3jw3a.fsf@snark.piermont.com>


RJ Atkinson <rja@inet.org> writes:
>          None the less, I think it would make a quite reasonable 
> default for all *BSDs, perhaps even for XFree86 in general.
> The number of folks who want remote access is smaller than those
> who don't need it, I'd guess.  In any event, I believe in systems
> that ship secure by default.
> 
>          If undertaken, it is important that this choice/change
> is clearly documented and that any clues needed to run an 
> X server without that option were also well documented.

It would be pretty easy for a user to undo. All we'd really need to do
is ship a startx that included -nolisten tcp.

The question is how to document it in such a way that users would
actually get the documentation. I'm not really sure on that
part. Documentation of such things has traditionally been our weakest
area.

--
Perry E. Metzger		perry@wasabisystems.com
--
Quality NetBSD Sales, Support & Service. http://www.wasabisystems.com/
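
[Added example, not part of the original message or of any NetBSD/XFree86 code: one way to check whether running X servers were started with the `-nolisten tcp` option discussed above. The function names, the list of server binary names, and the sample process listing are assumptions constructed for illustration; a server started without the flag is treated as accepting TCP connections.]

```shell
#!/bin/sh
# Audit X server command lines for "-nolisten tcp" (added example).

# Print "nolisten" and return 0 if the argument string contains
# "-nolisten tcp"; otherwise print "listening" and return 1.
x_tcp_status() {
    case " $* " in
        *" -nolisten tcp "*) echo nolisten; return 0 ;;
        *) echo listening; return 1 ;;
    esac
}

# Read "PID COMMAND ARGS..." lines on stdin (the shape produced by
# `ps -axo pid,args`) and report each X server lacking the flag.
# Returns 1 if at least one such server was found, 0 otherwise.
audit_x_servers() {
    rc=0
    while read -r pid cmd args; do
        # Match on the binary's base name; this name list is an assumption.
        case "${cmd##*/}" in
            X|Xorg|XFree86|XF86_*) ;;
            *) continue ;;
        esac
        if ! x_tcp_status "$args" >/dev/null; then
            echo "pid $pid: $cmd is missing -nolisten tcp"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample process listing (not real output).
SAMPLE='101 /usr/X11R6/bin/X :0 -nolisten tcp -auth /home/a/.Xauthority
202 /usr/X11R6/bin/XFree86 :1 -auth /home/b/.Xauthority
303 /usr/sbin/sshd -D'

# Demonstration run; "|| true" keeps the script's exit status clean.
printf '%s\n' "$SAMPLE" | audit_x_servers || true
```

On a live system the same function can be fed from `ps -axo pid,args` instead of the sample text.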