New ZeroConf Spec
Micah J. Cowan
micah at cowan.name
Thu Jul 20 23:09:19 BST 2006
On Thu, Jul 20, 2006 at 11:40:44PM +0200, Florian Zeitz wrote:
> Installing ZeroConf by default isn't trowing Ubuntu's security policy
> out the window. Enabling it by default would be. That is why I and many
> other people have suggested to install it, turn it off by default and
> implement some sane method for it to be started and stoped.
Well, then, you and I agree. Why did you start arguing with me?
...but this was not the impression you gave me in this subthread:
Christoph Sturm wrote:
> maybe there is a solution between "no open ports" and "doing
> everything as root".
>
> my osx box for example feels quite safe, and it listens on the
> zeroconf port.
To which I responded:
> Everything feels quite safe, until it is exploited. Feeling of security
> in the absence of the real thing is far too common, and worse than
> having neither.
To which /you/ responded, somewhat patronizingly:
> This is a non-argument statement on it's own, so let me help you out
> with some reasoning:
...
> To use the same paradigm as for E-Mail/IM/Web Browsing for zeroconf,
> zeroconf should be started as soon as a application wants to use it and
> stopped as soon as the application doesn't need it anymore. I don't know
> how feasible this is, but it's IMO the "right" solution.
This doesn't fall under "some sane method", to me.
Nothing about prompting the user or anything, just *bam!* it's there.
--
Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer...
http://micah.cowan.name/
More information about the ubuntu-devel
mailing list