well, you make sense to me. 2c from an end-user.
martin f krafft wrote: > dear list, > > look, i am really not here to start a flame war and heck no, i don't > want one. please excuse if my behaviour has been leading you onto this > belief (or maybe not). i am simply failing to grasp the arguments laid > out by wichert. that is, i don't disagree with him per se, but i have > the feeling that i am also not being understood. so, please read this > last attempt to clarify and then either respond, or give me a straight > "shut up" and i will. and i apologize up front to sven for posting > parts of his personal reply to the list. > > also sprach Sven Hoexter <[EMAIL PROTECTED]> [2002.04.02.2240 +0200]: > >>Calm down :) It's "just" a DoS attack and if you use a Software you as >>the admin should look at the normal flood of information and pick out what >>you need. If you do so you know the problem and you can work around it in >>different ways. One way is the Deny directiv or some of the Ulimit options >>introduced into proftpd after the problem occured the first time. >>In the Debian way the deny directiv is the working one. >> > > well, i am calm, but i disagree. sure, it boils down to the question > who debian's audience are, but for all i am concerned, debian's > reputation _used_ to include "security", and the reason why i'd (as in > "would" and "had") install(ed) debian was because i didn't need to be > worrying about the obvious and hence i could spend my resources on > other things. had i wanted to patch one-year-old bugs in software that > installs from the "security archives", then i might have just chosen > to "fly" redhat. i don't understand why you aren't understanding this. > i am not at all against finding the real bug as well as investigating > why: > > >>their is a patch that doesn't work and it seems like nobody proved >>the patch after it was applied for the first time. >> > > but give me at least one argument why these acts cannot combine with > a *temporary* fix uploaded to the so-called "security archives". > > >>With this I'm falling back to another topic: Is the way of keeping >>exploit code behind bars realy good for the admin without the >>special coding skills or just new stones in the proccess of running >>a secure server? >> > > exactly my point. debian's the "hacker OS", but it's also damn good. > so why not take little steps such as this and keep it that way even > for the ones that don't spend 20 hours a day in front of a computer > and know assembler backwards... > > >>Just my personal thoughts about your flames with Wichert. >> > > they really weren't intended to be flames. i am sorry if they felt > that way. i am really just trying to be concise since i don't have > much more to say than i did. > > -- Chris Massam <[EMAIL PROTECTED]> YellowTuna Networks Ltd PO Box 91493, A.M.S.C., Auckland, NZ Level 2, 272 Parnell Road, Parnell Tel. +64 9 3077844 Fax. +64 9 3077846 Cel(NZ). +64 21 2220564 http://www.yellowtuna.co.nz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
