Re: trapd authorization hacks (again)

On Wed, 2005-10-19 at 16:24 -0400, Robert Story wrote:
> On Wed, 19 Oct 2005 10:53:21 -0700 Wes wrote:
> WH> 3) I think that by default trapd shouldn't do anything out of the box
> WH> until configured with authorization information. This is a fairly
> WH> big change, but (IMHO) is the Right Thing To Do.
>
> I agree with that.

I have a certain sympathy, but several reservations.

In particular, it must be possible (and *trivial*) to restore the
current open behaviour. So this probably means a one-line configure
directive to allow anything from anywhere. (And clearly documented
as such in as many places as possible).

I realise that this is probably anathema to the security people,
but as a Network Administrator with Very Little Time, I'd wouldn't
expect a new release to "break" my currently working setup, without
an easy way to fix it again.

[I'll come back to the wider issues later today]


Another Question: what timescale are you looking at?
It's obviously not relevant to 5.2.2, so are we talking
about squeezing this into 5.3, or waiting until 5.4 ?

I suspect I know the answer :-), but I have to say that it feels
a little bit late for 5.3. Certainly if we're looking at pre1
this Friday (i.e. tomorrow!), and it's probably a bit tight even
for next Friday.

I'm concerned that we might rush something in too hastily, and
be forced to live with the consequences. Wes - is this code
that you've already got waiting to be committed, or are you
talking about developing something new?

Dave


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/...et-snmp-coders