[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RfD: Debian is not randomly installing services

On Fri, 27 Jun 1997, Martin Schulze wrote:

> Therefore I recommend changing our policy slightly.  I'll write down a
> paragraph for our policy later (or would you like to step forward,
> Christian?).
>   If a package contains both a server and a client, and the server
>   opens another possibility to reach the system (via network, modem,
>   radio &c.) the server will not be enabled without asking the user
>   for his permission.
> The situation looks completely different if the server has its own
> package, like `msqld' for the server and `msql' for the client.

Why not just disallow having servers and clients in the same package (an
exception would perhaps be things like multiuser games where the server is
started by the game when you run it; the worst security flaw there is that
someone might cheat at the game)?

Those people who install the server package would presumably want it
installed, even if there is a possible security flaw.

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: