[Info-vax] DECUServe is a Hobbyist Chapter
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Sat Jul 4 15:46:35 EDT 2020
On 2020-07-04 14:24:09 +0000, Phillip Helbig (undress to reply said:
> In article <rdq39n$f4f$1 at panix2.panix.com>, kludge at panix.com (Scott
> Dorsey) writes:
>> This is what many linux dialects do. It's possible to do this easily
>> with package management; you can install the parts of the system that
>> you want without the parts you don't want without having to manually
>> figure out dependencies. A day will come when VMS has integrated
>> package management, and I suspect it will happen before Windows ever
>> does.
Chocolatey is probably the best available Microsoft Windows package
manager. Not that I use Windows.
Fortran itself is starting to sprout a package manager with fpm, too:
https://github.com/fortran-lang/fpm
Another to look at is nimble, and there are many others, each with
differing degrees of acceptance and differing issues.
> When installing VMS from CD, one can choose not to install DECnet.
> Even if TCPIP is installed, nothing is configured by default.
Again, get rid of DECnet. Get rid of telnet. Get rid of ftp. Those are
all past their sell-by date, and those are all insecure.
And yes, integrate IP into OpenVMS.
And if a site needs telnet or ftp or DECnet, make the user aware that
they've quite possibly hosed their configuration, when the system
manager (separately) installed that.
I'd seriously consider booting with an "insecure" configuration message
displayed, when a known-insecure VSI package is installed and is
enabled.
Why make the user aware? You (Phillip) clearly have misconceptions
around how some of these tools operate, as well other folks.
More than a few app developers make security mistakes, and OpenVMS does
not guide developers away from the mistakes. Nor does OpenVMS make this
easy.
OpenVMS V8.4-2Lx was a start, and upgrading OpenVMS security and
OpenVMS apps to something approximating modern security is itself a
multidecadal project.
Ditching the old and the insecure is part of upgrading security.
Replacing the password hash, as discussed in earlier threads, too.
That, or remove the "most secure operating system on the planet"
marketing bait that's being dangled.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list