dear list, look, i am really not here to start a flame war and heck no, i don't want one. please excuse if my behaviour has been leading you onto this belief (or maybe not). i am simply failing to grasp the arguments laid out by wichert. that is, i don't disagree with him per se, but i have the feeling that i am also not being understood. so, please read this last attempt to clarify and then either respond, or give me a straight "shut up" and i will. and i apologize up front to sven for posting parts of his personal reply to the list.
also sprach Sven Hoexter <[EMAIL PROTECTED]> [2002.04.02.2240 +0200]:
> Calm down :) It's "just" a DoS attack and if you use a Software you as
> the admin should look at the normal flood of information and pick out what
> you need. If you do so you know the problem and you can work around it in
> different ways. One way is the Deny directive or some of the Ulimit options
> introduced into proftpd after the problem occurred the first time.
> In the Debian way the deny directive is the working one.

well, i am calm, but i disagree. sure, it boils down to the question who debian's audience are, but for all i am concerned, debian's reputation _used_ to include "security", and the reason why i'd (as in "would" and "had") install(ed) debian was because i didn't need to be worrying about the obvious and hence i could spend my resources on other things. had i wanted to patch one-year-old bugs in software that installs from the "security archives", then i might have just chosen to "fly" redhat. i don't understand why you aren't understanding this.

i am not at all against finding the real bug as well as investigating why:

> there is a patch that doesn't work and it seems like nobody proved
> the patch after it was applied for the first time.

but give me at least one argument why these acts cannot combine with a *temporary* fix uploaded to the so-called "security archives".

> With this I'm falling back to another topic: Is the way of keeping
> exploit code behind bars really good for the admin without the
> special coding skills or just new stones in the process of running
> a secure server?

exactly my point. debian's the "hacker OS", but it's also damn good. so why not take little steps such as this and keep it that way even for the ones that don't spend 20 hours a day in front of a computer and know assembler backwards...

> Just my personal thoughts about your flames with Wichert.

they really weren't intended to be flames. i am sorry if they felt that way. i am really just trying to be concise since i don't have much more to say than i did.

--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

"we should have a volleyballocracy. we elect a six-pack of presidents. each one serves until they screw up, at which point they rotate."
-- dennis miller