Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!cs.utexas.edu!uunet!zephyr!tektronix!percival!parsely!bucket!whizz!bbh
From: bbh@whizz.uucp (Bud Hovell)
Newsgroups: comp.unix.wizards
Subject: Re: GNU, security, and RMS
Message-ID: <633@whizz.uucp>
Date: 6 Jun 89 16:30:11 GMT
References: <106326@sun.Eng.Sun.COM> <422@ladcgw.ladc.bull.com> <13688@ncoast.ORG> <15812@vail.ICO.ISC.COM> <2322@thor.acc.stolaf.edu> <29457@ucbvax.BERKELEY.EDU>
Reply-To: bbh@whizz.UUCP (Bud Hovell)
Organization: McCormick & Hovell, Inc.
Lines: 40

In article <29457@ucbvax.BERKELEY.EDU> haynes@ucbarpa.Berkeley.EDU.UUCP (Jim Haynes) writes:
>In article <2322@thor.acc.stolaf.edu> mike@stolaf.edu writes:
>>
>>(2) There should not be security among the users of a computer system.

>Well, you have a right to your opinion; but a corollary of this belief
>is that all the users of a computer system have to be mutually friendly
>and responsible and trust one another.  Which sounds like the mythical
>home town where people don't need to lock the doors when they leave home.

Such home towns were not a myth. I lived in several during my lifetime. But
they were characterized by having populations which were fairly stable,
and relatively small, and where the same shared values were preserved by the
vast majority of people. In other words, they tended to be highly homogenous.

>I claim the right to remain highly skeptical when the user community is
>a collection of college students of widely varying backgrounds, political
>beliefs, sexual orientations, maturities, academic abilities, etc.

You're right. But this doesn't fit the definition of the "home town" to which
you referred. No highly heterogeneous community (San Francisco, or typical
college campus, etc.) will fit. And the safeguards will probably have to be
much more stringent.

People tend to generalize from their own (often immediate) experiences. Having
a system set up under the assumption of "trusted users" is not wrong if the
population of such users is, indeed, trust-worthy. If not, then greater safe-
guards are indicated. But the appropriate level of security (on a computer
system - or in a community) is a function of the degree and nature of likely
threat, not compliance to iron-clad rules which fail to recognize sometimes-
enormous local differences. 
 
                                 Bud Hovell

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
: UUCP:  {sun!nosun  |  tektronix!{percival|bucket}  |  attmail}!whizz!bbh :
: TELEX: 152258436 (Whizz/Bud Hovell)               VOICE: +1 503-636-3000 :
: USPO:  McCormick & Hovell, Inc., PO Box 1812, Lake Oswego, OR  USA 97035 :
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
                                 "Vote NO!"