'Twas brillig, and Robert Fox at 19/02/13 11:45 did gyre and gimble: > On Tue, 2013-02-19 at 12:35 +0100, Guillaume Rousse wrote: >> Le 19/02/2013 12:20, [email protected] a écrit : >>> If that's how you feel about having a program like DenyHosts running by >>> default, do you feel the same way about having a firewall running and >>> configured out of the box. >>> >>> Is a firewall a sysadmin's or packager's choice? >> A sysadmin choice. Pushing always more stuff 'by default' doesn't help >> users to make educated choices. > > On one hand I agree, on the other hand - we want a distribution which > simply works and common choices are made (like which firewall) from the > distro side - a good enough Sysadmin can then change to his/her liking > afterwards. This is more or less a distro "philosophy" question, but > look why "Mint" has become so popular - because many choices are made > upfront for the user - yet the flexibility is in the system (and enough > packages) for an advanced user to change them! > > As long as the default settings are documented upfront - I see no issue > in making such a decision on behalf of the "average" user - and making a > more security robust distribution.
Yup, I agree with this. I'm know my way around sufficiently that I can happily change the stuff I don't like. I think we do have to pick reasonably sensible defaults. Ultimately that's what msec does too - defines sensible defaults for the security level picked. So overall I'd welcome a default setup that allows things to be more secure/robust by default (obviously balanced against user experience - e.g. a *very* secure setup would be to ban all traffic in or out... but that's not a nice user experience :D). Col -- Colin Guthrie colin(at)mageia.org http://colin.guthr.ie/ Day Job: Tribalogic Limited http://www.tribalogic.net/ Open Source: Mageia Contributor http://www.mageia.org/ PulseAudio Hacker http://www.pulseaudio.org/ Trac Hacker http://trac.edgewall.org/
