[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: that webmin port

To: ports@openbsd.org
Subject: Re: that webmin port
From: Syam A Yanuar <openbie@yahoo.com>
Date: Sun, 5 May 2002 16:13:00 -0700 (PDT)

dear folks;

i`am using WebMin, and i never used.
i put in w/ reason my friends can't use console w/
text based..
but i e gree if WebMin delete from ports tree
my reason is for security and to delete dummy human.
cos w/ webmin the newbie don't know what he/she doing
w/ the box.

syam-



--- Randall Augustus Alexander <openbsd@zonedzero.net>
wrote:
> I use Webmin on all my OpenBSD servers.  To limit
> the exposure to only my
> internal network, I simply use the security options
> in Webmin and PF to
> control what IPs can access Webmin.  OpenBSD may
> have a lot going for it in
> the relm of security, but it is a simple matter to
> misconfigure OpenBSD and
> make it "insecure".
> 
> 
> There are legitimate and safe ways to use Webmin. 
> Let the user decide what
> is right for them.  By your logic, we should also
> dump a lot of the other
> ports including Samba which includes SWAT.
> 
> 
> Randall
> 
> ----- Original Message -----
> From: "Dave Watson" <dave@elephantride.org>
> To: "Ben Goren" <ben@trumpetpower.com>
> Cc: <ports@openbsd.org>
> Sent: Saturday, May 04, 2002 10:14 AM
> Subject: Re: that webmin port
> 
> 
> > --Ben Goren <ben@trumpetpower.com> [020504 16:17]:
> > > On Sat, May 04, 2002 at 05:12:46PM +0200, Marc
> Espie wrote:
> > >
> > > > Being  curious,  I  looked  at  this  last 
> port  that  is  left
> > > > interactive in our tree.
> > > >
> > > > I'd like some other security conscious people
> to look at this.
> > > >
> > > > From  what  I've  seen  on   the  webmin 
> homepage,  I'm  highly
> > > > pessimistic.   It  looks  like  the guys  who 
> wrote  this  have
> > > > absolutely no clue about security.
> > > >
> > > > e.g.,  this seems  to  me  to be  worse  than 
> proftpd. and  not
> > > > belonging in our ports tree at all.
> > >
> > > These people  might not  do things  the right 
> way, but  I'd still
> > > rather  have them  use OpenBSD  in a 
> less-than-secure manner  and
> > > benefit  from its  stability,  performance,  and
> (compromised  but
> > > still  above-average) security  than  see them 
> go with  something
> > > that's inferior in almost all other ways
> (including security, even
> > > with the potential problems Webmin creates).
> >
> > Less-than-secure is insecure.
> >
> > I think it should be removed.  If someone wants a
> less-than-secure
> > machine they should probably use something other
> than OpenBSD, or
> > download and install webmin themselves.  I have
> doubts that anyone will
> > decide to use OpenBSD simply because webmin is in
> the ports tree.
> >
> > --
> > Dave Watson
> >
> 


__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com

References:
- Re: that webmin port
  - From: "Randall Augustus Alexander" <openbsd@zonedzero.net>

Prev by Date: Re: Wierdness with make plist
Next by Date: kdelibs3 libxslt dependency
Prev by thread: Re: that webmin port
Next by thread: Re: that webmin port
Index(es):
- Date
- Thread