[issue1326] more safe and handy default configuration
Michael Prokop
bts at bts.grml.org
Tue Nov 18 22:32:22 CET 2014
Michael Prokop <mika at grml.org> added the comment:
* Elmar Stellnberger wrote in grml's BTS on 20141118 / 15:49:
[network service startup]
> > We start by default what's considered to be important for our target audience.
> > E.g. there's no point in not starting dhcp by default for the usual scenarios
> > Grml is used in. If you don't want to start dhcp you can easily turn it off by
> > using the nodhcp boot option.
> > What we *could* discuss though is whether it would make sense to make startup of
> > rpcbind/rpb.statd and avahi-daemon more controllable (though we never had a
> > single user requesting this since a long time, so I'm wondering whether it's
> > really such an issue?). Any opinions on that?
> Why not give it an additional boot option (alltogether not only nodhcp) and
> add that option to the default boot menu? This is an important use case.
> I have seen that you have so many boot options; why not add one called
> 'without networking' and/or 'with manual network setup only'.
Because we'd have to overlay/rewrite/adjust any existing init script
that's providing network services to be able to provide such a
"without networking" feature. And if there's not much gain and
demand for it why invest our limited manpower to it? If you know a
better way how to implement that please let us know.
[...]
> Remember that turning off services may not be possible if the wlan
> interface is turned on by default.
You usually need to configure the WLAN interface to even get an IP,
so I can't follow your logic here, sorry.
> >> * gpg keys of all major distributions should be included in order to be able to
> >> verify downloads made via GRML. A similar issue has already been posted for the
> >> System Rescue CD: http://www.sysresccd.org/forums/viewtopic.php?f=6&t=5208
[...]
> I see your point that there will be some overhead in managing such a list.
Feel free to come up with maintaining such a list, I won't do it
since I don't see this as feature relevant for Grml.
> However I believe you did not consider my considerations about it yet:
> If you only have an untrusted internet connection (and we all have) then
> we need some way to fetch the keys via another more trusted medium.
[...]
> I believe you will. - A shop purchased DVD including GRML will be 100%
> safe following this argumentation while simply downloading something
> is known to be 100% unsafe these days.
I disagree, this would mean that you'd rely on the Grml ISO as a
middle man, instead of just verifying the keys on your own. And
checksums and Web of Trust exists.
regards,
-mika-
----------
messages: 4871, 4878, 4892, 4896
nosy: estellnb
priority: wish
status: need-eg
title: more safe and handy default configuration
_____________________________________
GRML issue tracker <bts at bts.grml.org>
<http://bts.grml.org/grml/issue1326>
_____________________________________
More information about the Bugs-changes
mailing list