On Wed, Aug 02, 2017 at 08:52:15PM +0200, Maxime Villard wrote:
> I disagree. The cost of doing a modload is low enough compared to the
> configuration needed to use compat_linux. Just like the command you quoted.

If I wanted OpenBSD, I know where to get it. There is a balance between pissing off people and providing security. If you want to minimize the attack surface at all cost of *your* system, you are free to do so. Otherwise it has to be balanced. So far modules have primarily created problems for a lot of people without any gain. Disabling rarely used code is one thing, disabling commonly used code is something else.

Stop pushing for "security" as a single goal above all else. It doesn't make you more credible, it just makes people shoot down sensible proposals as a knee-jerk reaction because they are waiting for the insane follow-up.

Joerg