On Tue, Feb 3, 2015 at 1:30 PM, Always Learning <centos at u64.u22.net> wrote:> >> There are probably still people that take their cars apart to check >> that they were assembled correctly too. > > Its about taking personal responsibility for the security of your > system(s). Trusting someone else's settings of what THEY think YOUR > security should be, is very unwise.Maybe.... It is at least equally unwise to think that you are the only expert and all the people who are supposed to know what they are doing are wrong. That's why we have measles again... I'd rather see some real experts set up usable defaults instead of every person doing an install having to second-guess it. -- Les Mikesell lesmikesell at gmail.com
On Tue, 2015-02-03 at 13:37 -0600, Les Mikesell wrote:> On Tue, Feb 3, 2015 at 1:30 PM, Always Learning <centos at u64.u22.net> wrote: > > > > Its about taking personal responsibility for the security of your > > system(s). Trusting someone else's settings of what THEY think YOUR > > security should be, is very unwise.> Maybe.... It is at least equally unwise to think that you are the only > expert and all the people who are supposed to know what they are doing > are wrong. That's why we have measles again... I'd rather see some > real experts set up usable defaults instead of every person doing an > install having to second-guess it.Nothing wrong with letting "an expert" preconfigure the system and then, after installation, the SysAdmin checking to ensure all the settings satisfy the SysAdmin's requirements. -- Regards, Paul. England, EU. Je suis Charlie.
On Tue, Feb 03, 2015 at 08:03:35PM +0000, Always Learning wrote:> Nothing wrong with letting "an expert" preconfigure the system and then, > after installation, the SysAdmin checking to ensure all the settings > satisfy the SysAdmin's requirements.Wouldn't that be like having the OS installer require strict passwords, and then have the sysadmin install a less-secure password on test systems after the system is loaded? -- Jonathan Billings <billings at negate.org>
On Tue, Feb 3, 2015 at 2:03 PM, Always Learning <centos at u64.u22.net> wrote:> > Nothing wrong with letting "an expert" preconfigure the system and then, > after installation, the SysAdmin checking to ensure all the settings > satisfy the SysAdmin's requirements. >I'd just rather see them applying their expertise to actually making the code resist brute-force password attacks instead of stopping the install until I pick a password that I'll have to write down because they think it will take longer for the brute-force attack to succeed against their weak code. -- Les Mikesell lesmikesell at gmail.com