system autodeath

James Hubbard jameshubbard at gmail.com
Fri Aug 22 15:03:50 UTC 2008


On Thu, Aug 21, 2008 at 8:51 PM, Matthew Miller <mattdm at mattdm.org> wrote:
> On Thu, Aug 21, 2008 at 02:22:41PM -0400, max wrote:
>> Informing people of the dangers is the right thing to do, forcing them down
>> your path is never the right thing to do.
>
> Here's the thing: they're on that path, the path we put them on by making
> Fedora so attractive. The path, however, leads to the top of a big cliff,
> below which swim hungry sharks. We should definitely put some signs at the
> top of the cliff. And we should do this: put a net to catch anyone who falls
> over anyway.

If preventing network access is a good thing to do at end of life,
shouldn't security updates be forced on users as well. If security
updates aren't going to be mandatory, perhaps the system should use
the autodie measures every few months to prevent network access as
well. Un-applied security patches are just as bad  as using an EOL
system.

Also, I don't think that removal of a default route goes far enough.
If there's one EOL system on the network, there are  probably more.
All networking should be disabled.  Otherwise, a user may re-enable
one machine only to have it compromised.  The exploit could search out
other machines on the local network, re-enable their default routes
and use them for its nefarious purposes.

--
James Hubbard




More information about the fedora-devel-list mailing list