On Sunday 26 September 2004 06:42, Bart Lauwers wrote:
> On the matter of the Russian roulette, it is no different, computers
> without a security policy are a disaster waiting to happen and the risk
> could cost someone their life (not in all uses of a computer, granted). Both
> are losing propositions. You cannot proofread all the code you put into
> a distro so you need better ways to attain an acceptable level of
> protection.

I believe we do have a security policy already - no net-facing daemons enabled
by default. There are actually no daemons by default and the user is only
encouraged to install a cron and syslog. The security policy of the system
from that point on, as most everything with Gentoo, is left entirely up to
the user.

Here's my take on all this. There's almost no point in adding SSP to the
stage1 binaries. There's almost as little point in adding it to the stage2
binaries as well. So that pretty much leaves the question as to whether there
is a point in adding SSP to the stage3 binaries (and GRP).

To that end, I wonder what class of users use stage3. Personally, if I use a
stage3 it is to get the system up and running as fast as possible. Once I can
start using the system productively, I inevitably run emerge -e world in the
background. Another class of user wants QA'd binaries with maximum stability.
This usually means the machine is for some sort of business usage, whether it
be client or server.

The last class of user doesn't know/care enough to bother with the several
days it takes to go from a stage1. Unfortunately, this class of user also
wants everything to be as fast as possible; usually the type that writes up a
lot of FUD on slashdot. I'm making a huge generalization here that anyone is
free to wholeheartedly disagree with, but it serves my purpose here.

So, two interesting classes of users. Those who care and those who don't. The
question then becomes one of who we care about. Personally, I think that both
are equally important. However, I lean toward better support for the ones
that do care. In such, I'm all for SSP in stage3 and GRP as long as it does
not introduce any stability concerns. Does it introduce any stability issues?

Regards,
Jason Stubbs

--
gentoo-dev@g.o mailing list