On 15/01/13 04:16 AM, Michael Weber wrote:
> Hi,
> 
> "This can have serious security implications" [1]
> 
> For whom?

I think the idea there is that a user expects eth0 and eth1 to stay
the same, writes iptables rules on a per-interface basis to control
what they want, then updates the kernel or makes some other change
(upgraded udev, maybe? :D) which swaps them around and poof, the rules
they thought were correct don't end up protecting them the way they
assumed they would...

Not saying this is necessarily valid, just saying how I interpreted
their meaning of "serious security implications".



> [about NIC names] ... Opt-out urges users to either adapt their
> setups or disable the rules.

Unless I'm mistaken (and I haven't done any sort of comprehensive
search so I could be), I believe the majority of package rollouts for
systemd-udev are going to provide an opt-in rather than an opt-out.  I
understand the general point here, that systemd-udev upstream perhaps
should also be defaulting to an opt-in, but there isn't a whole lot of
benefit in making that point on the Gentoo ML.. :)