[BlueOnyx:12704] Re: Proposed changes to BlueOnyx DNS (important!)

[George F. Nemeyer]

On Sun, 31 Mar 2013, Michael Stauber wrote:

> Personally I tend to option (a) and want it locked own and damn the
> consequences. But I'm willing to listen to reason. :-)

I'd go for A, since

- the whole reason we're dealing with the current mess is that defaults
were dangerous (though admitedly, reasonable for the times, but the net's
not what it was any more)

- the number of unknowingly open ones due to cluelessness will likely
continue to vastly outnumber the ones that are open due to need or
conscious configuration.  If there *is* a need, then the operators should
know how to enable it accordingly.

If there is any way to have the package install pause and present a
warning/confirmaton, or otherwise pass on the instuctions for
configuration, then by all means do that.

I know the logs get certain info, but it's doubtful anyone reads them on a
auto-update, especially if there's lots of packages changed.  Maybe force
an e-mail to root/admin?  Hopefully, that would get forwarded to someone
responsible.

I know lots of RH rpms rename config files that you sometimes have to
replace with old ones or re-edit, so if the install process can alert that
something like this is happening, so much the better.

Still, in the present case, if people are angry, at least they should
appreciate the fact it's for the greater good.

=^_^=  Tigerwolf