Ubuntu is under attack

Bernard Peek bap at shrdlu.com
Wed Dec 21 22:23:12 UTC 2005


In message 
<515e525f0512210852u2420e2b8n4a36e2d58463f3ff at mail.gmail.com>, Anders 
Karlsson <trudheim at gmail.com> writes


IIRC and all that... And assumptions are really bad for the health..
Assuming it is safe to stand on a railtrack just because you haven't
seen a train for a few hours is rather a silly thing to do. Similarly,
assuming an MTA always and forever will be installed, just because you
would prefer it that way, will leave you disappointed from time to
time.

This is true but seems to be substituting one assumption for another. If 
you assume that no program will ever require a functional MTA then you 
will be caught out when a users installs such a package.

One sensible option, as you suggest, would be to audit all supported 
packages and reject any that require a functioning MTA. That at least 
means that Ubuntu itself isn't creating the problem.

A second alternative would be to install a functioning MTA by default. 
For security reasons the default should be to handle local mail only. As 
Ubuntu currently mostly works without this I don't think any elaborate 
notification scheme is required. Perhaps a notification at logon and at 
configurable intervals defaulting to daily.

I wonder whether a separate text-only console for root's mail messages 
would be useful?




-- 
Bernard Peek
London, UK. DBA, Manager, Trainer & Author.





More information about the ubuntu-users mailing list