Vino should not be included in the default install
Hi I originally posted this message as [Bug 790009] on Launchpad. It was suggested that this list is a better place for the suggestion. -- Having remote desktop as an option in the default installation creates a security risk. It invites new users to enable it, not understanding the security implications. They then end up with unwanted connections to their machine. A quick look around the security discussions forum on ubuntuforums shows that this happens quite frequently. I propose that it should be removed from the LiveCD. If a remote connection program is needed, then something that*requires* SSH tunnelling could be provided. -- Jane Atkinson (Irihapeti) -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Re: Vino should not be included in the default install
On Fri, Jun 03, 2011 at 11:36:03AM -0500, Mario Limonciello wrote: On Fri, Jun 3, 2011 at 10:16, Bilal Akhtar bilalakh...@ubuntu.com wrote: I originally posted this message as [Bug 790009] on Launchpad. It was suggested that this list is a better place for the suggestion. -- Having remote desktop as an option in the default installation creates a security risk. It invites new users to enable it, not understanding the security implications. They then end up with unwanted connections to their machine. A quick look around the security discussions forum on ubuntuforums shows that this happens quite frequently. I propose that it should be removed from the LiveCD. If a remote connection program is needed, then something that*requires* SSH tunnelling could be provided. -- Jane Atkinson (Irihapeti) -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel Removing sounds like a fairly heavy footed approach. If the UI to enable it isn't informative enough to explain the security implications, perhaps that UI should just be improved instead. The UI defaults to pretty reasonable settings. Unless those have changed since I've last looked, I don't think it's a concern. -Kees -- Kees Cook Ubuntu Security Team -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Re: Vino should not be included in the default install
On 11-06-03 09:36 AM, Mario Limonciello wrote: On Fri, Jun 3, 2011 at 10:16, Bilal Akhtarbilalakh...@ubuntu.com wrote: Hi I originally posted this message as [Bug 790009] on Launchpad. It was suggested that this list is a better place for the suggestion. -- Having remote desktop as an option in the default installation creates a security risk. It invites new users to enable it, not understanding the security implications. They then end up with unwanted connections to their machine. A quick look around the security discussions forum on ubuntuforums shows that this happens quite frequently. I propose that it should be removed from the LiveCD. If a remote connection program is needed, then something that*requires* SSH tunnelling could be provided. -- Jane Atkinson (Irihapeti) -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel Removing sounds like a fairly heavy footed approach. If the UI to enable it isn't informative enough to explain the security implications, perhaps that UI should just be improved instead. The UI allows the user to setup remote access without a password, either a password should be generated automatically, or it shouldn't be enabled without having to enter a password manually, and I really feel that uPNP shouldn't be an option during setup. -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel