On Thu, 2007-08-30 at 10:34 +0100, Darren J Moffat wrote:
> I'm not sure that secure-by-default does require that this be off. As I
> understand this case it is egress probing not a daemon listening of
> ingress requests.
So we're ok at the transport layer, but I think we also need an
application-layer analysis.
At least some of what people send to printers tends to be sensitive.
So one critical question for a SbD analysis is how
automatically-discovered printers turn into usable destinations for
print jobs. So long as there is a administrative step needed to "move"
a printer from a "I hear it's out there somewhere" to a "ready to print"
state I think we're most of the way there.
(and as a largely unrelated gripe, maybe I'm missing the trick but it
seems like it would be clever to be able to configure a user account or
system so that printers listed in NIS or LDAP were merely "out there" so
that gui print menus wouldn't take forever to enumerate printers before
putting up an unusably long list).
- Bill
