Re: The netsec thread

From: Robert Pluim
Subject: Re: The netsec thread
Date: Mon, 29 Jul 2019 09:50:03 +0200

>>>>> On Sun, 28 Jul 2019 21:08:05 +0200, Lars Ingebrigtsen <address@hidden> said:

    Lars> I've now done some testing of the netsec branch, and it basically 
    Lars> good to me.  It's a bit too detailed in the warnings it presents to 
    Lars> user -- the original idea was to keep the level of detail down so that
    Lars> it won't scare away everyone but security professionals, and it's now
    Lars> rather scary.

    Lars> I've only skimmed the patch set -- it's 2200 lines, but I've got one
    Lars> question to Robert: The patches that add `network-lookup-address-info'
    Lars> went into the netsec branch.  Was there any particular reason for 
    Lars> They seem rather unrelated.  (It does look like a useful addition,
    Lars> though.)

I seem to remember Jimmy wanted it so he could add further consistency
checks. He dropped off before he could explain exactly what those
were, and they're not necessary for his changes.

    Lars> So my plan here is to wait a few days to see whether there are any
    Lars> further comments, and then merge the branch into the trunk.  I will 
    Lars> do some cosmetic touch-ups; mostly moving all new details displayed on
    Lars> the first warning screen to the "details" page.

I had some issues with nsm-trust-local-network as a concept and also
the IP addresses it checked. And is now a valid range (on
very recent Linux kernels anyway), so that test needs adjusting.

Did I send a patch for that? I donʼt remember, and Monday morning
laziness is strong today.

    Lars> Sound OK to everybody?

Sure. Please leave network-security-level 'paranoid alone, though.


