On Thu, Aug 21, 2008 at 8:51 PM, Matthew Miller <mattdm(a)mattdm.org> wrote:
On Thu, Aug 21, 2008 at 02:22:41PM -0400, max wrote:
> Informing people of the dangers is the right thing to do, forcing them down
> your path is never the right thing to do.
Here's the thing: they're on that path, the path we put them on by making
Fedora so attractive. The path, however, leads to the top of a big cliff,
below which swim hungry sharks. We should definitely put some signs at the
top of the cliff. And we should do this: put a net to catch anyone who falls
over anyway.
If preventing network access is a good thing to do at end of life,
shouldn't security updates be forced on users as well. If security
updates aren't going to be mandatory, perhaps the system should use
the autodie measures every few months to prevent network access as
well. Un-applied security patches are just as bad as using an EOL
system.
Also, I don't think that removal of a default route goes far enough.
If there's one EOL system on the network, there are probably more.
All networking should be disabled. Otherwise, a user may re-enable
one machine only to have it compromised. The exploit could search out
other machines on the local network, re-enable their default routes
and use them for its nefarious purposes.
--
James Hubbard