David Walser <[EMAIL PROTECTED]> writes:

> --- Pixel <[EMAIL PROTECTED]> wrote:
> > Anyway, I kind of agree with the idea. But I don't
> > think the pb is big enough
> > to bother changing this.
>
> Considering the overzealous extreme paranoia that's
> caused you all to disable Indexes in Apache by
> default, and disable Xdmcp in KDM by default, I find
> this surprising.

As for me, I'm *not* paranoiac. My box has weak + empty passwords, xhost +, rsh ... since people having access to my box can have physical access. I'm all for "please behave yourself" rather than "you won't hurt me!"

For the default settings, I am against the typical (eg: redhat (*)) security which implies you really know how things work to enable a server:
- services disabled by default on redhat
- a firewall blocking everything

As long as nobody has strong arguments, I'll try to maintain a default setting where it's easy to have a server running and useful.

Disabling xdmcp is good IMO because:
- it is seldom used whereas kdm/xdm are installed on every box. It would be nice to have a separate package that would enable kdm/xdm when installed.
- it allows connecting to the box when not many people know the existence of xdmcp

I don't know for apache indexes.

(*) redhat also disallows sys-reqs and ctr-alt-suppr which is only meaningful if the guy can access the keyboard but not the computer (it exists, but is seldom)
