Hello,

I am the author of the Wiki page with the suggestion. A friend showed me this discussion and I'd like to add a few points.

MOTIVATION

The intent is to remove machines which are subvertable from the Internet. My employer provides network connectivity to universities, and it's very evident in traffic profiles when a distribution ceases maintenance and an exploit for a never-to-be-patched flaw sweeps across the network.

In the past we found a real person for the IP address which has been subverted, educated that person in the evil side of the Internet, and then encouraged them to act. Today -- like most ISPs -- we are becoming less and less generous about this massive waste of our time. I can see the day arriving where we automatically blackhole machines which reach some threshold in the IDS systems. Of course, this is less than optimal, as the first thing we'll see is misuse of that automation by some IRC user upset at other IRC users.

The loss of default route is no different to what we do if we can't get a subverted machine fixed -- we simply set our routing table to blackhole all traffic to and from that machine. The end result for an EOL machine is the same -- it is only a matter of timing and cost.

This motivation is substantially different to the motivation for Windows Genuine Advantage. In fact, WGA discourages some users from being up to date with patches, which is counter to our goal.

GUI V SERVER

There's no difference between server and desktop machines. From a networking perspective a desktop Linux machine is simply a server which has a console user for a third of the day. Unfortunately, desktop machines are now so abundant in computing resources that users generally do not notice exploit behaviour.

Nagging GUI users would be fine. But that would be a related package, not this one.

PHILOSOPHY

To be effective, the package will need to be installed by default. I do realise that this is a big ask, and something likely to be achieved by small steps. People will need to become conversant with the idea and happy with the quality of the implementation.

If a sysadmin intends deploying a machine past EOL, they can simply remove the autodeath package.

If a sysadmin needs to stop autodeath acting (because it is hosing an important machine) then there should be two configuration switches:

 - a "not now" toggle, which is re-set on OS upgrade
 - a "never" switch, which disables autodeath from acting, ever.

Because the configuration holds the expiry date, logwatch can warn of expiring Internet connectivity for a machine, just as it warns of expiring certificates today.

Someone mentioned "tyranny". I rather think of this as correctly assigning the work from an unmaintained machine. Making the system owner of the machine deal with their lack of an upgrade plan is much, much fairer than pushing the cost onto network administrators, ISPs or onto those people DDoSed by a subverted machine.

And yes, we've all failed at various times to do the work of a timely upgrade of a short-life operating system. A lot of the argument seems to be that avoiding a penalty for this is OK. I'd argue in return that this is a mix of hubris (my machine would never be subverted) and cost-shifting (a subversion will harm others more than me).

Best wishes to all,
Glen

--
Glen Turner <http://www.gdt.id.au/~gdt/>
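
The switch and expiry logic described in the message above, as an added example that is not part of the original message or of any Fedora package. The key=value config format, the key names, the 30-day warning window and the action names are assumptions made for illustration, and the sample config is constructed.

```python
# Decision logic for the proposed "autodeath" package (illustrative sketch).
# Config keys, warning window and action names are assumptions, not a real format.
from datetime import date, timedelta

WARN_WINDOW = timedelta(days=30)  # assumed lead time for a logwatch-style warning


def parse_config(text):
    """Parse a hypothetical key=value config, ignoring blanks and # comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        cfg[key.strip()] = value.strip()
    return cfg


def decide(cfg, today, running_release):
    """Return 'disabled', 'deferred', 'ok', 'warn' or 'remove-default-route'."""
    # "never" switch: autodeath must not act, ever.
    if cfg.get("never", "no").lower() == "yes":
        return "disabled"
    # A missing or malformed expiry date raises instead of silently passing.
    expiry = date.fromisoformat(cfg["expiry_date"])
    if today >= expiry:
        # The "not now" toggle is tied to the release it was set on, so an
        # OS upgrade (new release string) resets it without editing the file.
        if cfg.get("not_now_release") == running_release:
            return "deferred"
        return "remove-default-route"
    if expiry - today <= WARN_WINDOW:
        return "warn"
    return "ok"


# Constructed sample configuration (dates and release numbers are made up).
SAMPLE = """
expiry_date = 2030-06-30   # end of life for the installed release
never = no
not_now_release = 40       # admin asked for "not now" while running release 40
"""

if __name__ == "__main__":
    cfg = parse_config(SAMPLE)
    for day in (date(2030, 1, 1), date(2030, 6, 15), date(2030, 7, 1)):
        print(day, decide(cfg, day, "40"), decide(cfg, day, "41"))
```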