[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#81118: base: Wishlist: High security base system (or separate add-on package)



On Thu, Jan 04, 2001 at 10:40:46AM +0100, Christian Kurz wrote:
> On 01-01-04 Ethan Benson wrote:
> > On Wed, Jan 03, 2001 at 07:50:58PM +0100, Christian Kurz wrote:
> > > > apt-get remove telnetd
> > > Well, why do we have telnet enabled after installation? 
> > because telnetd is priority standard, 
> Hm, what about changing the postinst of telnetd so, that I ask the admin
> who installs debian or the package, if he really wants to activate
> telnetd or not? 

"Standard" (and important) are basically defined as a "free, character
mode Unix system". Probably, this implies having telnet and telnetd
available, and being able to use NFS and so on.

Additionally, we have a more or less implicit policy that all daemons
should be run by default if they're installed. So if you don't want a
daemon running you either don't install it (or uninstall it), or change
the config files.

If you want to change "standard" to not be a "free character mode
Unix system" (and thus not have telnetd or rsh or NFS or portmap),
there probably needs to be some easy way to say "hey, I'm a curmudgeon,
I want my unix system!". Maybe via a task- package of some sort? Or some
other way? I dunno if it makes sense as a `task' per se. [0]

Cheers,
aj

[0] Random thought: maybe some "environment" packages would be an
    interesting task- alternative; so you could have a "traditional-unix"
    environment, or a "KDE" or a "Gnome" environment, or something. That
    is, collections of packages focussed on how you want to do something,
    rather than what you want to do (which is what tasks are for). For
    users who're more experienced than newbies (who've got task packages),
    but who aren't expers (who've got dselect/console-apt). Might be
    hard to keep at all organised.

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

     ``Thanks to all avid pokers out there''
                       -- linux.conf.au, 17-20 January 2001

Attachment: pgpM4gNpF8vbH.pgp
Description: PGP signature


Reply to: