Remix clone Hacker News

new | show | ask | jobs Github

	▲	mkipper 7 days ago
		This question is sorta similar to "Why don't distros enable restrictive MAC policies by default" Maintainers _could_ take the time to lock down sshd and limit the damage it can do if exploited, but there are costs associated with that: `1. Upfront development cost 2. Maintenance cost from handling bug reports (lots of edge cases for users) 3. Maintenance cost from keeping this aligned with upstream changes` You could extend this argument and say that distros shouldn't bother with _any_ security features, but part of the job of a distro maintainer is to strike a balance here, and similar to SELinux / AppArmor / whatever, most mainstream desktop distro maintainers probably don't think the juice is worth the squeeze.