On Thu, Oct 30, 2014 at 06:21:52PM +0100, Christoph Anton Mitterer wrote: > On Thu, 2014-10-30 at 16:06 +0100, Wouter Verhelst wrote: > > I would hope Debian never becomes a "truly security conscious" > > distribution by that definition. > > > It implies the distribution thinks it > > knows better than its users what the right security trade-off is, and > > that way lies disaster. > Isn't that the very what we actually do right now?! > > We think we know better which validity time is appropriate to the attack > model of users. > We think we know better whether and how users should educate themselves > above upgrades. > We think we know better which algos are still appropriate for the user > or not. > > AFAIU the term "truly security conscious" it's: > - assuming the worst (attack) > - default to be secure > - in case of uncertainty, security critical warnings or error, or in > case of unexpected things: try to educate the user what's likely to be > going on and leave the choice up to him (e.g. disable SSL3 per default, > tell the user why, but allow him to override > - try to deploy security to the masses in a way they can still deal with > it, and not just to the few paranoid people that really dig into it.
You're missing the most critical part of "security": realize that at the end of the day, a computer is still a tool to get a job done. If security gets in the way, it gets disabled, so that ends you up with a worse situation than what you had before. The world's most secure computer in the world is powered down, encased in a solid block of concrete, lying at the bottom of the Challenger Deep. It is also the world's most useless computer. To be truly security conscious is to realize that "computer security" is a study of the condition of the human mind (both that of the attacker and the attacked) rather than an exact science. -- It is easy to love a country that is famous for chocolate and beer -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26
signature.asc
Description: Digital signature
