[ Chael Hall writes: ]
> Well my problem with defaults is that who_access defaults to 'open.' This
> is a big mistake in my opinion. All I did was convert to the latest
> version and now all of my lists are insecure. I didn't notice until I was
> culling the logs and saw a bunch of successful who requests.
I think it's always been stated that when updating .config files one
should immediately fetch the config and check it over. The defaults are
set for maximum compatibility with previous versions.