Your Distro is Insecure: Ubuntu
Kees Cook
kees at ubuntu.com
Tue Apr 14 16:15:00 UTC 2009
On Tue, Apr 14, 2009 at 12:01:04PM -0400, Ben Rousch wrote:
> As admitted above, it could be more secure, but it would also be more
> difficult to use. Why not let the admin make that choice?
They already can (some choices are already offered in the installer,
some can be made after installation is done).
If a desired feature is to ask the admin more questions during install
about things like the default home directory permissions, that can
certainly be discussed. But the implication that we would provide a
"less secure" install option isn't the right way to go. The server
install IS already secure (regardless of what the wrong-headed article
tries to say). If people want to work on making it more _configurable_,
that's certainly an achievable goal.
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the ubuntu-server
mailing list