Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!udel!haven.umd.edu!uvaarpa!murdoch!astsun9.astro.Virginia.EDU!gl8f
From: gl8f@astsun9.astro.Virginia.EDU (Greg Lindahl)
Newsgroups: comp.org.eff.talk
Subject: Re: Student suspended for distributing /etc/passwd
Message-ID: <1991Jun24.194648.20414@murdoch.acc.Virginia.EDU>
Date: 24 Jun 91 19:46:48 GMT
References: <8670@awdprime.UUCP> <8711@awdprime.UUCP> <8723@awdprime.UUCP>
Sender: usenet@murdoch.acc.Virginia.EDU
Organization: Department of Astronomy, University of Virginia
Lines: 22

In article <8723@awdprime.UUCP> mbrown@testsys.austin.ibm.com (Mark Brown) writes:

>| If I run into an administrator who has big holes that can be spotted
>| by COPS, I don't want to use his machine. Period. I'm out of there. I
>| don't understand why I should spend any of my time telling any
>| sysadmin that I am about to do something that's totally ethical and
>| legal.
>
>Common courtesy, perhaps.

Er, to me "common courtesy" says that I don't bother an admin with
meaningless tripe. It also says that if I spot a security problem, I
tell them.

That's what I do. I don't ask permission before I do legal and ethical
things, like checking if half the users have trivial passwords.

If you'd like to discuss what the limits of legal and ethical are,
perhaps you could start with some examples of what you think isn't so
that we have some idea what you think. It's hard to have a discussion
without a starting point. It's also a good idea to carefully pick the
group and the person you plan on discussing things with.