On 00-10-13 Josip Rodin wrote: > On Thu, Oct 12, 2000 at 09:54:07PM +0200, Christian Kurz wrote: > > we have now a seperate package of portmap in woody. Does this mean that > > this package will not be installed and started by default? I ask about > > this because I consider portmap as a security issue, if it's running and > > not used. So could somebody please explain to me how we handle this in > > woody? > It depends what is the `default'; if it has low priority and nothing > important depends on it, then I guess it won't be getting installed. Well, it has a priority of standard, which looks for me like it will be installed on default installations, which includes a lot of installation where it's not needed. And if then get's standard, this creates a security hole which is absolutely not needed. So from a security standpoint I would prefer that portmap get's only installed when a package really depends on it and so I'm not sure if the current priority is a good choice. Ciao Christian -- Debian Developer and Quality Assurance Team Member 1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
Attachment:
pgpyKjSxeUtd8.pgp
Description: PGP signature