On Thu, Apr 01, 2004 at 02:38:04PM +0200, Wichert Akkerman wrote: > This is largely orthogonal to the current issue, but it would be nice if > d-i had a 'select machine type' option where people could select between > 'private machine on private network', 'shared machine with trusted > users', 'shared machine with untrusted users', 'server' or something > similar which would affect: > > * default firewall (block/allow all incoming connections) > * package selection (do/don't install pam_console for example)
You're right that this is largely orthogonal to the current issue. However, I do not think it's largely orthogonal to the solution space we need to be addressing to resolve this local resources issue. This issue came up at least in part because of our current approach to security administration and machine configuration. It would probably be appropriate to issue some longer-term advice in addition to any recommendations on pam_console. -- Raul
