[Printing-summit] [lsb-discuss] Printer/driver testing and certification

Klaus Singvogel kssingvo at suse.de
Mon Aug 21 06:56:06 PDT 2006

Stark, Jens wrote:
> A good policy will not break existing functionality. "Thinking
> for/Protecting the customer for his own good" is synonymous for
> "patronising" in my book. Educate, if needed. Offer the choice. Do
> not castrate. IF you need added security, ask the people who provide
> the software on how to work together on this.

I strongly disagree. We had in the past security problems with CUPS.

Even if Michael Sweet will point out now that this was long ago and
doesn't reflect current state of security of the code. But I will reply
on this that the last real distributed CUPS version was too many years
ago, and as there were no new version, there were no new bugs. :) But
stop this. We already had this boring discussion and I don't bother
you down again. :)

Anyway, SUSE had the experience that users don't want to take care
about security. They just want to use the software, but never want to
think about setting up high security fences at their small bastions in
the internet. They want all features and definitely no restriction. But
on the other side: in case of a doubt our customers are directly
connected to the internet, and no firewall nor any other wall is
between them and the attacker for protection.

Those customers, who want full features, are the same, who want full
security, as soon as a break-in was successfully done and their machine
became abused (and maybe confiscated by the police). The same people,
who complain about not having full features, complain then about lack
of security, as soon as they got any damage. Suddenly they say that
it's the distro's fault not providing enough security, etc.

So, which position should a distribution take? The full-usability one,
or the security oriented one?

Sure, it's up the distro. But I don't understand, why a large company,
such as Sharp is telling SUSE now, that we should weaken the system
for the sake of our customers. Instead we say: customer if you want to
configure this different, it's up to you, but also accept the

Finally a word about the education, and suggestions regarding
information providing:

- SUSE had enough information about these enable features in the
release notes (in the past), but it seemed that people didn't read.
- SUSE is providing this information via the publicly available
support database (aka. sdb), but it seemed that people didn't read.
- This topic recently comes up at the cups newsserver, and can be found
via search function (or google), but it seemed that people didn't read.

And now you're telling us, that people need more information about
enabled security features. gna.

What did we do wrong or did we miss providing this information, except
the fact that people insist to ignore our provided data?

