On Thu, Feb 05, 2004 at 05:06:26PM -0600, Jeremy Enos wrote: > No reason why we couldn't do that. (it won't be in the "configurator" as > we now know it, due to the order of operations, but that's not > relevant) I'm fine w/ something like that and defaulting to "yes"... > however, could someone provide at least one solid reason not to simply > setup tftpd all the time? I'm sure we include other tools for a > catch-all/majority-use purpose, in spite of the fact that the user isn't > *guaranteed* to use them. What's the big deal here? Why busy the > interface?
Because tftpd is a massive security hole. Unauthenticated file access to
the server is something that shouldn't be done to someone's machine without
their knowledge. About a year ago you commented that it was pretty bad that
we leave it on after install of nodes, so turning it on for people that
don't ever need it seems *really* bad.
Maybe print the text in BIG RED LETTERS "READ THIS PARAGRAPH OR YOUR CLUSTER
WILL NOT INSTALL" kinda thing.
-Sean
--
__________________________________________________________________
Sean Dague Mid-Hudson Valley
sean at dague dot net Linux Users Group
http://dague.net http://mhvlug.org
There is no silver bullet. Plus, werewolves make better neighbors
than zombies, and they tend to keep the vampire population down.
__________________________________________________________________
pgp00000.pgp
Description: PGP signature
