Bug#81118: base: Wishlist: High security base system (or separate add-on package)
reassign 81118 ftp.debian.org
Anthony Towns <email@example.com> writes:
> On Thu, Jan 04, 2001 at 10:57:52PM +0100, Arthur Korn wrote:
> > Joey Hess schrieb:
> > > If it is a daemon that binds to a port, and it doesn't have "secure" in its
> > > name or "encryption" in its description, it's gotta be insecure.
> > Debians minimal system (what's called 'standard') is to fat.
> That would be because standard isn't intended to be a minimal system at
> all. If you want minimal, just install the "important" packages. If you
> want _really_ minimal, just install the "required" packages.
No, this is incorrect.
Standard packages all get installed by default, and should be, based
on Policy itself.
Guys, I am fully in agreement that telnetd should *not* be priority
standard. In fact, no network services should be isntalled by default
in Debian unless asked for!
On the other hand, this problem must be fixed by filing bugs against
ftp.debian.org or else the packages themselves to get the standards on
the packages in question changed.
The base system really has nothing to do with this issue -- it's a
question of debian itself, since base itself doesn't include telnetd,
or any of the NFS stuff.
Refiling this bug against ftp.debian.org.
.....Adam Di Carlo....adam@onShore.com.....<URL:http://www.onShore.com/>