[Prev][Next][Index][Thread]

Re: Perl Co-inventor Convicted

Lex Spoon (sspoon@hubcap.clemson.edu) wrote:
* wendy wrote:

* : Especially if you are doing work that looks, sounds and smells exactly like
* : an illegal activity, where the ONLY difference is the approval and
* : permission of the owner, it makes sense to get everything signed off in
* : advance and keep the communication lines open.  The best authorizations I
* : have seen in this area were phrased like this:

* : "You [name] are authorized to conduct the following activities:

* : using the tools:  [blah, blah, and blah]
* : on the following systems: [blah, blah and blah]
* : for the following purpose: [blah, blah, blah]
* : during this time period: [blah to blah]"

* This would be terrible, though!  If you hired an architect to design a
* building for you, would you tell them what tools they can use?  If 
* a someone knows enough about computer security (or whatever) to give
* a *good* list of authorizations, then there would be little reason
* to hire an expert for the job anyway.

* Also, you can't ask your boss before you do every single thing.  "may
* I press the 'R' key?  may I press the 'J' key?  may I use my
* right index finger?" 

You are trying to ridicule a very reasonable idea with silly arguments.
I see no problem with _letting the boss know_ what you are going to do.
In fact this kind of authorizations are usually written by _requestors_
and _signed_ by administration. What you are trying to present us,
administration defining technical aspects of security monitoring,
happens very rarely.  This procedure usually takes 15 minutes and
effectively removes any problems.

Moreover, even simple talking to others about what you are going to do
would effectively remove all problems that Randall ran into.

--
	- Igor. (My opinions only) http://www.galstar.com/~ichudov/index.html
   For public PGP key, finger me or send email with Subject "send pgp key"
Follow-Ups: References: