
Re: more mail related musings...



Matthew,
Aaron,

Education is the answer here. 

As Aaron suggests, we could patch the system, or even come up with a
utility to do all sorts of management but that path leads to M$/Apple land
where a nice pixmap shows up while some utility goes berserk on your
system. 

Matthew suggests "failing secure" but the risk to the project is that the
system will "fail non-functional" and be slagged with comments like "I
installed it but nothing worked". 

I favour a series of tutorials (white papers, whatever) in /usr/share/doc
to alert the user to the risks/benefits and recommended practices for
OpenBSD. Theo's initial mail message to root was a great help when I
started, and the "So you want to put a machine on the Internet" FAQ from
news.answers is another good example. 

The man pages are for experts: you know what you're doing and you're using
them as a reference on syntax and expected behaviour. They are not
tutorial materials, even if they are correct.

I'm putting my name down to form a team to add tutorial documentation to
the OpenBSD distribution.  The stuff is out there, but it needs to be
collected and edited.

What says the group?
 --Louis

Louis Bertrand, Bowmanville, ON, Canada
<louis@signalpath.on.ca>


On Fri, 23 Oct 1998, Matthew Patton wrote:

> Since our stated goal is security, I want to run this idea by the community.
> We have in the distro a fixed sendmail daemon as well as the highly
> regarded smtpd and smtpfwdd from Obtuse Systems.
> 
> Does it make sense to change our default distribution to use these programs
> together in concert rather than relying exclusively on sendmail? Well
> actually out of box, no kind of mail daemon is running. I don't intend to
> change that. Just changing the comments in rc.conf is what I am proposing.
> Maybe a blurb or two in the after_install man page as well.
> 
> On a slightly related note, our default inetd.conf has things like shell,
> login, daytime, time, comsat, ntalk, rstatd, rusersd, finger all running.
> This seems to go against a "security first" mindset. My idea is that we
> should shut all of them down save maybe telnet, ftp, ident, and/or change
> rc.conf to have a NO as the default.
> 
> Some may argue that I'm off my rocker (again). But I think it's important
> that we "fail secure" as opposed to "failing open." New users are probably
> apt to just let their system run in whatever default state they found it in
> not knowing what's really going on. If they discover they need something
> that was off, they are likely to read whatever man page necessary to turn a
> service on. I feel this is a good thing.
> 
> Comments?
> 
> --------
> OpenBSD - Because security matters... (http://www.openbsd.org/)
> 
> The spark of the revolutionary war, the battle of Lexington and Concord,
> was prompted by the ruling government's attempts to confiscate the
> "assault weapons" of the day held by local militias.
> 
> 
>