Johannes Ernst [2015-11-05 23:11 -0800]:
> This makes my point. The default = 0 is counter intuitive and costs much time
> for the lucky ones among us who can figure it out. The rest will just give
> up...

It's less counter-intuitive, but the problem is that it breaks a lot of existing tools that expect that the global kernel settings actually work. Note that this was discussed recently already here, but rejected:

https://github.com/systemd/systemd/issues/1411

Thus at least CoreOS and Ubuntu now change the default to "kernel", which pretty much DTRT. (I'm still pondering doing that in Debian too). If you don't explicitly configure it in your .network then the global setting is applied, and as that defaults to 0 the "secure by default" aspect is also satisfied.

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel