Subject: ddb.fromconsole on release
To: None <tech-kern@netbsd.org>
From: David Brownlee <abs@formula1.com>
List: tech-kern
Date: 06/05/2002 17:35:33
	Currently ddb.onpanic and ddb.fromconsole are both enabled in
	release kernels. This is very convenient for those who want to
	use ddb, but may not be ideal for a standard user.

	ddb.onpanic:
	    On panic a machine will drop into ddb rather than
	    rebooting. This can be an unpleasant surprise for anyone
	    who has set up a server which panics for any reason
	    while they are not at the console - it will just sit
	    in ddb until someone reboots it. Can be particularly
	    unfriendly if the machine is in X as it will appear to
	    hang rather than reboot.

	ddb.fromconsole:
	    People can accidentally enter DDB (on i386 CTRL+ALT+ESC is
	    in line with the keys to switch virtual consoles). If someone
	    does not know what DDB is this can leave them very confused.
	    It also provides a very quick way to break into a machine
	    if you have console access (standard caveats about physically
	    secure machines apply, but if someone has xlocked a machine
	    it's trivial to switch to a text console, enter DDB, kill xlock,
	    play with the machine and restart xlock without them knowing
	    anyone has been at the machine).

	I'd like to suggest we provide two versions of the GENERIC kernel,
	GENERIC without DDB and a GENERIC_DDB for those who want it.

	An alternative would be to disable ddb.onpanic and
	ddb.fromconsole in generic, maybe leaving it enabled in -current
	and not releases (not as happy with the latter idea as it is a
	change in behaviour which violates the PoLS).

	I know how useful DDB can be, I just think that the current
	situation causes problems for people who haven't become
	familiar with it.

-- 
		David/absolute		abs@formula1.com
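
Added example, not part of the original message: a small audit of the two knobs named above, for an administrator who wants a release kernel to reboot on panic and ignore the console break sequence. The function name `ddb_audit`, the sample input and the conservative choice to flag any value other than 0 are assumptions of this example.

```shell
#!/bin/sh
# Reads `sysctl ddb.onpanic ddb.fromconsole` style output on stdin
# ("name = value" or "name=value") and prints the /etc/sysctl.conf
# lines needed to turn off whichever knob is still enabled.
# Assumption: any value other than 0 is treated as enabled.
ddb_audit() {
    awk -F'=' '
        { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
        $1 == "ddb.onpanic" || $1 == "ddb.fromconsole" {
            seen[$1] = 1
            if ($2 != "0") print $1 "=0"
        }
        END {
            # A knob missing from the input usually means the kernel was
            # built without DDB; report that instead of guessing a value.
            if (!seen["ddb.onpanic"]) print "# ddb.onpanic: not reported"
            if (!seen["ddb.fromconsole"]) print "# ddb.fromconsole: not reported"
        }'
}

# Constructed sample: both knobs enabled, as the message describes for
# release kernels.
SAMPLE_RELEASE='ddb.onpanic = 1
ddb.fromconsole = 1'

# On a live system:  sysctl ddb.onpanic ddb.fromconsole | ddb_audit
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_RELEASE" | ddb_audit
fi
```

The lines it prints can be appended to /etc/sysctl.conf so the settings persist across reboots.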