On 09.01.2012 07:27, Ed Marshall wrote:
> On Sun, Jan 8, 2012 at 5:42 PM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
>> if a software-package, information, disclosure is NOT NEEDED it has
>> to be disabled - again: take some security education!
>
> And, there we go.
>
> Convince upstream to change their behavior (but, read their FAQ on
> this exact question first, and try to understand why they've chosen
> that stance), or convince the current openssh package maintainers why
> they should patch the Fedora version of openssh in defiance of
> upstream's wishes.

would you please realize that sshd was only ONE sample

but well, so i will hesitate useful requests in the future and continue
rebuilding half of the distribution by my own to get rid of nonsense like
unsecure defaults, missing systemd-integration and automatic restarts of
services while packages are updated

> That will be much more productive than insisting that people who are
> disagreeing with you in good faith are uneducated

sorry, but if somebody does not realize that "ServerTokens OS" is an
unsecure httpd-default while every security-expert and most documentations
out there will tell you why this is the logical conclusion and not insisting
anyone

the only sense in "ServerTokens OS" is that you can see bad administration
with one look in the header - the problem is that this information is enough
for bad guys to look closer on other services too
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel