Default config file behavior - request for comment
Achim Gratz
Stromeko at nexgo.de
Wed Sep 20 17:34:58 UTC 2017
Eric S. Raymond via devel writes:
> There are three obvious ways to address this.
>
> 1. The infosec-focused way. Change the default restrictions to be
> "allow nothing." This way, if you bring it up with no config, there's
> no harm. It just spins inaccessibly.
If it does that without complaining loudly enough some folks might think
it's actually doing something and act surprised when it doesn't.
> 2. User-friendly way. Bring it up with these permissions:
>
> restrict default kod limited nomodify nopeer noquery
> restrict -6 default kod limited nomodify nopeer noquery
> restrict 127.0.0.1
> restrict -6 ::1
Stop it here. No pool (I think hardwiring pool names without consent of
the pool administrators is a no-no). Also, no drift file. You might
want to add "noserve notrust" to the last two statements.
> pool pool.ntp.org iburst
> driftfile /var/lib/ntp/ntp.drift
>
> That is, the behavior 99.9% of all installations want.
>
> 3. Leave current behavior alone.
The current behaviour was addressing a different target audience, so I
see no reason to keep it when we are targeting a different population.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Factory and User Sound Singles for Waldorf rackAttack:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds
More information about the devel
mailing list