Vino should not be included in the default install
Kees Cook
kees at ubuntu.com
Fri Jun 3 16:54:14 UTC 2011
On Fri, Jun 03, 2011 at 11:36:03AM -0500, Mario Limonciello wrote:
> On Fri, Jun 3, 2011 at 10:16, Bilal Akhtar <bilalakhtar at ubuntu.com> wrote:
> > I originally posted this message as [Bug 790009] on Launchpad.
> > It was suggested that this list is a better place for the suggestion.
> > ------
> >
> > Having "remote desktop" as an option in the default installation
> > creates a security risk.
> >
> > It invites new users to enable it, not understanding the security
> > implications. They then end up with unwanted connections to their
> > machine. A quick look around the "security discussions" forum on
> > ubuntuforums shows that this happens quite frequently.
> >
> > I propose that it should be removed from the LiveCD. If a remote connection
> > program is needed, then something that*requires* SSH tunnelling could be
> > provided.
> >
> > --
> > Jane Atkinson
> > (Irihapeti)
> >
> > --
> > ubuntu-devel mailing list
> > ubuntu-devel at lists.ubuntu.com
> > Modify settings or unsubscribe at:
> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
> >
> >
> Removing sounds like a fairly heavy footed approach. If the UI to enable it
> isn't informative enough to explain the security implications, perhaps that
> UI should just be improved instead.
The UI defaults to pretty reasonable settings. Unless those have changed
since I've last looked, I don't think it's a concern.
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the ubuntu-desktop
mailing list