On Thu, 2003-10-30 at 08:31, Simon Kitching wrote:
> In fact, the current approach really reminds me of Microsoft's approach
> to security: convenience first, safety later. I would prefer to see
> systems which are secure by default, with users *deliberately* having to
> weaken security if they want more convenience.

Ah, but see, this is really a double-edged sword. If a user installs a vanilla distribution which, say, contains a remote sshd exploit, and they are not able to update to errata because, who knows, they are thick and can't figure out what gpgcheck does, they will be rooted before they have time to realize their mistake. In this case there is no "secure by default" setting -- either way you do it, someone will be screwed.

On the other hand, repository poisoning will be discovered very quickly, because all other yum installations that do gpgcheck=1 will throw hissy fits over an unsigned or an incorrectly signed package.

It's up for debate, of course, but it seems to me that a box with no errata applied is potentially much more of a problem. It's really hard to judge which one is more grave.

Regards,
-- 
Konstantin Riabitsev <icon@xxxxxxxxxxxxxx>
Linux@DUKE
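For readers following the gpgcheck discussion above, here is an added illustration (not part of the original message) of the two repository settings being weighed: a yum .repo stanza with signature checking enforced, next to the weaker form that accepts unsigned packages. The repository id, name, URL and key path are placeholders chosen for the example.

```ini
# Added example: a yum repository definition with signature checking enforced.
# Every package pulled from this repo must carry a valid signature from the
# key listed in gpgkey; an unsigned or wrongly signed package is rejected,
# which is what makes a poisoned mirror visible quickly across installs.
[example-updates]
name=Example Distribution Updates (placeholder)
baseurl=http://mirror.example.invalid/updates/   ; placeholder URL
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example   ; placeholder key path

# The "convenience first" variant discussed in the thread: the same repo with
# gpgcheck=0, which installs whatever the mirror serves without verification.
# Shown for contrast only; keep gpgcheck=1 unless you have a specific reason.
[example-updates-unverified]
name=Example Distribution Updates, unverified (placeholder)
baseurl=http://mirror.example.invalid/updates/   ; placeholder URL
enabled=0
gpgcheck=0
```

The key referenced by gpgkey has to be imported into the rpm database (rpm --import <keyfile>) before the first update, otherwise yum will refuse the signed packages as well; that one-time step is the "figure out what gpgcheck does" hurdle the message refers to.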