On 5 Dec 2010, at 21:37, Andrew Deason <adea...@sinenomine.net> wrote:
> On Sun, 05 Dec 2010 10:05:20 -0500 > "Chas Williams (CONTRACTOR)" <c...@cmf.nrl.navy.mil> wrote: > >>> Perhaps we should ship with it disabled by default? >> >> probably. especially since this is one of those lesser known features. >> i.e. it should be opt in, not "oh yeah, and you get this for free by >> installing". > > We only just agreed to turn on by default the configure flag that lets > you turn on restricted mode at all, for 1.6. I'd hope we'd wait another > stable release cycle or two before making it the default (maybe 2.0?). I don't see the relationship here. Are you saying that every time we ship a new feature we should ship it disabled, and then wait a couple of release cycles before enabling it? Because that's going to get boring really quickly. The relationship between being in UserList and having effective root access to the machine is poorly documented, and poorly understood. I suspect that this discussion has come as an unpleasant surprise to many people. If you add into the mix the extremely weak authentication and connection security that protects it from external attack, then I think that this is a hole we should be removing from the default install as soon as possible. Simon._______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info