Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!linus!genrad!mit-eddi!smh From: smh@mit-eddi.UUCP (Steven M. Haflich) Newsgroups: net.unix-wizards Subject: Re: More comments about UNIX Security. Message-ID: <312@mit-eddi.UUCP> Date: Sat, 25-Jun-83 08:35:28 EDT Article-I.D.: mit-eddi.312 Posted: Sat Jun 25 08:35:28 1983 Date-Received: Sat, 25-Jun-83 19:45:07 EDT References: sri-arpa.2366 Lines: 16 OS security is such a challenging intellectual problem (like chess) that its public discussion ought to be justified for that reason alone! More practically, everyone on the net should realize that it is almost impossible to restrict information flow. Three people can keep a secret if two of them are dead, as the old saying goes. One wizard at a site receives the security mailing, properly passes it on to other wizards, but all it takes then is for one of them to leak the info innocently of not to unauthorized readers. (E.g., I have friends at a university site, out of state and not on the net, who could reasonably qualify for distribution. What if I innocently pass the stuff onto them, but they incorrectly understand the need for security.) If you want to discuss security issues, best to do it in public. At the very least, assume the discussion IS public, despite best efforts to the contrary.