Would it be remotely possible to keep policy and implementation
issues seperate? The single most common pattern on this mailing list is
- A asks an implementation question
- B, C, D and E, none of whom appear to have any clue what the
answer to the question is, hop up and start spouting off about
how A's policy sucks, usually pontificating about 'everything
not permitted is an eel' and 'most security experts agree' that
'everything larger than a breadbox is an elephant in denial' or
This gets very old, very quickly. Why not just assume that A knows
this grade-school material, and has some reason for wanting to carry out
the implementation under scrutiny?
Policy is not Implementation. They are orthogonal issues. Discuss
one, or discuss the other, but please don't talk about one simply because
you have nothing of substance to say about the other.