On Sat, May 10, 2014 at 11:41 AM, Markos Chandras <hwoarang@g.o> wrote:
> I also agree but I would also like to mention that I do not think
> discussing the 'default USE flags' is so important. Anyone who cares
> about security or production use of openssh he/she should be able to
> figure out the good default for him/her and disable those that he/she
> consider dangerous. Why people are so nervous about the default use
> flags? It's a simple one line in package.use to configure your package
> the way you want to. In my opinion, the default use flags should be
> left at maintainers' discretion

Well, I'm all for security being a consideration, but it is still up
to maintainer's discretion. The most minimal configuration is not
necessarily the most secure.

For all we know the next openssl vulnerability will only affect people
who don't have tls-heartbeat enabled.

Rich