On Mon, May 05, 2003 at 02:02:41AM -0700, Doug Barton wrote:
> I have to object to this change of direction. Both on POLA grounds, and on
> the grounds that because most people don't use kerberos, it shouldn't be
> the default. I also think that given the historical propensity of kerberos
> to be vulnerable to attack, it definitely shouldn't be included by
> default.

Actually, I think we've now fixed POLA issues ... previously we installed the Kerberos bits by default, but did not rebuild them when the rest of the system was updated. Other OSes that supply Kerberos directly come with those bits by default.

I do not think that whether or not `most people' use a part of the system is the only (or most important) criterion in determining whether or not to build or not build that part of the system by default.

To what `historical propensity' are you referring? I intend this as an honest question. We include software in the base system that most definitely has a poor security track record, but I don't think that Kerberos 5 gets any distinction in this regard.

Cheers,
-- 
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar_at_celabo.org . jvidrine_at_verio.net . nectar_at_freebsd.org . nectar_at_kth.se

Received on Mon May 05 2003 - 03:10:52 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:06 UTC