On Wed, Jul 23, 2008 at 9:01 PM, Fergus Henderson <[EMAIL PROTECTED]> wrote: > On Wed, Jul 23, 2008 at 10:36 AM, Ihar `Philips` Filipau > <[EMAIL PROTECTED]> wrote: >> >> Actually, last time I was deploying distcc we had serious problems >> with the newly introduced security. > > There's always going to be a trade-off between security and convenience. > But the default configuration has to be secure. >
I have read your comment. I can hardly say anything against increased security. > If you have any specific suggestions about what we can do to make things > more convenient without compromising security for the default configuration, > and without preventing those folks who do care about security from getting > it, please let us know. > :) I understand now better than before that most uses of distcc proportionally would large companies where the security, accounting and auth are must. All I can add is that simple option to turn off all the measures would make also lots of people who use distcc in more or less private secure environments really happy. My wish then would be to have a magic option (which might also throw some warning into logs, to warn the lazy people like me about consequences) to disable all security features altogether. e.g. --security=off and default --security=on (or whatever popt can handle). At the moment (3.0rc2) it seems that only main() in daemon.c needs to be modified to not to complain that opt_allow list is empty if security is disabled. Listen still listens by default on 0, so no changes there is needed. __ distcc mailing list http://distcc.samba.org/ To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/distcc