On 05/04/15 16:25, Murray S. Kucherawy wrote:
> On Mon, 4 May 2015, Phil Stracchino wrote:
>> I am of the belief that security-related changes, particularly ones that
>> disable or drop support for security-related features, should ALWAYS be
>> flagged IMMEDIATELY. You never know who or what might be relying on
>> that feature being there.
>
> What does "flagged" mean, exactly? Generate warnings, be considered
> invalid, something else?
Sorry, poor wording on my part.
It is my opinion that when a change removes or drops support for a
security-related feature, it should not rely on a warning notice that
may quite possibly never be read, but should *require* that the issue be
addressed in order to continue.
"Oh, that thing you asked me to do? I won't do it any more. Call me
back if this is a problem. Have a nice day." is bad.
"Hey, this thing that you asked me to do? I can't do it any more. How
do you want to handle this? Tell me how you want me to proceed." is
much better.
--
Phil Stracchino
Babylon Communications
phils_at_caerllewys.net
phil_at_co.ordinate.org
Landline: 603.293.8485
Received on Tue May 05 2015 - 03:14:26 PST