[TriLUG] security vs. services @ trilug.org
Chris Hedemark
chris at yonderway.com
Wed May 8 14:03:53 EDT 2002
On Wed, 2002-05-08 at 13:55, Tanner Lovelace wrote:
> Making the services more accessible is a great idea, but you should
> remember that if you back off the security too much you run the
> risk of making them insecure enough for someone to break in and
> mess everything up, thereby making the services non-existent.
> Security *is* important because without it you can't have any
> services.
Agreed. My contention though is that to date our approach to managing
trilug.org has been security minded to the exclusion of services in some
cases (or extremely long delays).
Going back to the ssh discussion for a moment... we recently had a
problem on fatalpha that myself and a few others helped to resolve (more
details at the meeting). Without ssh, I would have been powerless to
help, and we'd likely continue being a spam relay until someone could
get to Inflow and fix the problem in person. I also ssh in from time to
time to upgrade software packages, such as Mailman. Without ssh, I fear
we'll be creating an environment that promotes the use of old insecure
software.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
URL: <http://www.trilug.org/pipermail/trilug/attachments/20020508/6744bf53/attachment.pgp>
More information about the TriLUG
mailing list