| 1 |
On Sat, May 10, 2014 at 11:41 AM, Markos Chandras <hwoarang@g.o> wrote: |
| 2 |
> I also agree but I would also like to mention that I do not think |
| 3 |
> discussing the 'default USE flags' is so important. Anyone who cares |
| 4 |
> about security or production use of openssh he/she should be able to |
| 5 |
> figure out the good default for him/her and disable those that he/she |
| 6 |
> consider dangerous. Why people are so nervous about the default use |
| 7 |
> flags? it's a simple one line in package.use to configure your package |
| 8 |
> they way you want to. In my opinion, the default use flags should be |
| 9 |
> left at maintainers' discretion |
| 10 |
|
| 11 |
Well, I'm all for security being a consideration, but it is still up |
| 12 |
to maintainer's discretion. The most minimal configuration is not |
| 13 |
necessarily the most secure. |
| 14 |
|
| 15 |
For all we know the next openssl vulnerability will only affect people |
| 16 |
who don't have tls-heartbeat enabled. |
| 17 |
|
| 18 |
Rich |
Archives