From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:42766) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bANix-0007jB-NA for qemu-devel@nongnu.org; Tue, 07 Jun 2016 16:35:44 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bANis-0007cy-NH for qemu-devel@nongnu.org; Tue, 07 Jun 2016 16:35:42 -0400 Received: from mx1.redhat.com ([209.132.183.28]:52721) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bANis-0007cm-Gl for qemu-devel@nongnu.org; Tue, 07 Jun 2016 16:35:38 -0400 Message-ID: <1465331735.14901.153.camel@redhat.com> From: Gerd Hoffmann Date: Tue, 07 Jun 2016 22:35:35 +0200 In-Reply-To: References: <20160607092443.GB20196@redhat.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 Subject: Re: [Qemu-devel] [PATCH] Make password based authentication the default for VNC List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Attila-Mihaly Balazs Cc: "Daniel P. Berrange" , qemu-devel@nongnu.org Hi, > Agreed. The target of this patch is however not people who know that > they want security, but rather people who don't know it :-). Ie. > people who just run things with their default settings and stop as > soon as it seems to work, without conideration for security. I have my doubts this is going to work. The wikis of this world will start to include the ",insecure", pretty much like they include ",disable-ticketing" for -spice today. And people will cut+paste that. Flipping defaults often breaks things, and this really doesn't look like a good reason to take that risk. cheers, Gerd