Klaus Ethgen wrote:
> A black day in the security of Debian. Well.. One more.
Absolutely true,... :-(
Now that we have Ubuntu as competitor, which is nicely coloured and
where everything "just works", let's try to imitate (and integrate
Ubuntu stuff) as much as possible.
Or even better,... let's use Windows as archetype.
Why don't we add any user to the root group automatically!? Or even
better give him/her full sudo rights!? Doesn't the typical desktop
installation serve just one user anyway?
I really love Debian and the great work of its people, but security
seems to be dead. I don't talk about the work of the security team. I
talk about hardening.
I've seen so many examples recently, e.g. (IIRC) changing the default
for portmap back to "bind to any interface".
And I could list dozens of other examples, where packages behave(d) in a
more or less insecure way or where a rather "open" default configuration
Forgive me my sarcasm and flames above, but honestly:
It's a sad day,