--- Crispin Cowan <[EMAIL PROTECTED]> wrote: > Al Viro wrote: > > On Tue, Oct 30, 2007 at 03:14:33PM +0800, Cliffe wrote: > > > >> Defense in depth has long been recognised as an important secure design > >> principle. Security is best achieved using a layered approach. > >> > > "Layered approach" is not a magic incantation to excuse any bit of snake > > oil. Homeopathic remedies might not harm (pure water is pure water), > > but that's not an excuse for quackery. And frankly, most of the > > "security improvement" crowd sound exactly like woo-peddlers. > > > Frank's point was that the static interface makes layering somewhere > between impractical and impossible. The static interface change should > be dumped so that layering is at least possible. Whether any given > security module is worth while is a separate issue. > > I.e. that there are bad medicines around is a poor excuse to ban > syringes and demand that everyone be born with a strong immune system. > > Why is it that security flame wars always end up reasoning with absurd > analogies? :-)
That's my fault, sorry. I don't know why it's my fault, but that's where it usually ends up and I thought I'd get the blame bit out of the way. Gotta go squeeze some legless reptiles now. Casey Schaufler [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html