> > I would hope that people understand that not advertising their AFS cell
> > is the worst sort of security through obscurity :-) But for these people,
>
> Especially with people around who semi-actively search for and collect
> information about AFS cells.
Some of us do not advertise our cells, but not because we think this
makes them more secure. In our case the cell (which is indeed
relatively insecure in many frightening ways) makes a lot of software
available to system:anyuser because it is used for distributing
software locally. Nobody has the time to go through everything
and set up IP ACLs, which will not be able to be carried over to
DFS in any case. So we keep the site-licensed stuff readable
by system:anyuser and just don't publish our cell data, expecting
that this will keep the software suppliers happy that we're not
distributing things illicitly.
-- Owen
[EMAIL PROTECTED]
