On Mon, 7 Aug 2000, Pavel Roskin <[EMAIL PROTECTED]> wrote:
> On Mon, 7 Aug 2000, OKUJI Yoshinori wrote:
[...]
> Please stop this code bloat! Just the fact that people want (or even
> implement) some features doesn't mean that such code should become
> part of the official GNU GRUB.
[...]
> Serious protocols like TCP/IP should be handled by serious OS'es, not
> by bootloaders. The same applies to the encryption. We don't want more
> security holes in GNU programs. If other people want those holes it is
> their problem. It is also their responsibility to secure their
> networks.
As the person requesting the encryption support (and writing it) in
GRUB, I feel a need to point out that, first of all, adding encryption
is not a 'security hole', as such, nor does adding it remove any such
security hole.
I do want it available to me, though, because it does allow me to secure
my network in a number of situations that can be addressed by either
this feature or a significant drop in changeability on the network.
> GNU GRUB, as it is released by FSF, should not (IMHO) ship with
> potential security holes,
Can you identify the specific security holes you fear will be exposed by
the addition of encrypted image support to GRUB? I fully intend to
document the feature, including the warnings that simply having
encryption does not magically make it a 'secure' system...
> splash screens, startup sounds,
I would agree here...
> embedded IPv6,
but may well be adding UDPv6 support at some point, since parts of the
network may be moved to IPv6 only...
> kerberos and OpenGL support :-)
These are probably not needed, though. ;)
Daniel
--
Libert�! Fraternit�! Sexualit�!
-- Graffiti in Paris M�tro, 1980s
