Mailinglist Archive: opensuse-factory (602 mails)

< Previous Next >
[opensuse-factory] Re: [PLEASE SPEAK UP] Disabling legacy file systems by default?
  • From: Jim Henderson <hendersj@xxxxxxxxx>
  • Date: Sat, 9 Feb 2019 18:53:57 -0000 (UTC)
  • Message-id: <q3n7k5$39i4$2@blaine.gmane.org>
On Wed, 06 Feb 2019 17:48:24 +0100, Liam Proven wrote:

On 2/6/19 5:05 PM, Jeff Mahoney wrote:
It's a simple cost-benefit analysis. Developer time (even if it's
volunteer) isn't free. If you want to invest your personal time in
auditing and improving every file system that Linux supports, that's
certainly your prerogative. As those file systems are improved, we can
discuss removing them from the blacklist.

But that's not how it works.

I'm afraid that how it works is:

"I tried $DISTRO-1 but it didn't work with $DISTRO-2 and $OTHER-OS, so I
switched to $DISTRO-3 because it just worked."

Until the headline "all Linux systems using [filesystem that should have
been blacklisted] exposed to fatal security flaw" shows up.

I'd rather be secure by default.

You don't prevent security exploits from being used by saying "yeah,
whatever, make it easy and don't give a damn about security until it's a
problem" - because at the point the problem is reported, it's too late.

Like I said earlier, if you're offering to step up and do proper
maintenance on these niche filesystems, that's great. They need it.

But if you're not, then don't make my systems less secure because it's
too inconvenient for you to uncomment a driver you need in a blacklist
file on the systems you specifically need the feature on.
--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
This Thread
Follow Ups