[Ach] justifing config. settings in the paper [SEC=UNCLASSIFIED]

Brown, Scott Scott.Brown at cert.gov.au
Fri Nov 15 04:46:50 CET 2013

I'd +1 this.  

This helps in two ways:

 - If you have a pro-active admin, its more fuel/ammo for them to use the config. 
 - If they are a "reluctant" admin, it's harder for them to say no/push back when there is justification on why settings should be changed/applied....

Just my 2c.

-----Original Message-----
From: ach-bounces at lists.cert.at [mailto:ach-bounces at lists.cert.at] On Behalf Of Aaron Zauner
Sent: Friday, 15 November 2013 1:40 PM
To: ach at lists.cert.at
Subject: [Ach] justifing config. settings in the paper


I just sent the paper to a collegue of mine who made a good remark: Whats completely missing is a justification for the settings we dropped in the paper - i.e. i'd suggest to add a short paragraph after every verbatim config text that reads "Justification: [...]" explaining why we chose those settings in addition we should add a second paragraph "Note on compability: [...]" explaining for example which parts of the configuration won't work with older versions of daemons (think apache, ssh, nginx,..) and which parts break certain clients. This is paramount since administrators will not deploy settings if they find out they do not work in practice - which would make the paper quite useless.

Whats your opinion?

If you have received this transmission in error please
notify us immediately by return e-mail and delete all
copies. If this e-mail or any attachments have been sent
to you in error, that error does not constitute waiver
of any confidentiality, privilege or copyright in respect
of information in the e-mail or attachments.

More information about the Ach mailing list