On Wed, Sep 29, 1999 at 03:51:37PM +1000, Craig Sanders wrote: > On Wed, Sep 29, 1999 at 12:52:16AM -0400, Mark W. Eichin wrote: > > True, but don't forget the case of an initial install - you pick some > > profile, and get lots of stuff, with no hints. (In this case, I like > > they idea of a debconf global flag of "prompt me about daemon > > enablement", which is kind of the *reverse* of what most people want > > debconf for...) > > IMO that's the price you pay for saying "install a whole bunch of random > stuff i haven't personally selected". if you cared, you'd take the time > to vet all selections yourself. if you don't care, accept whatever the > selection set gives you. if you discover later that you actually DO > care, then uninstall or disable the relevant package. The fantasy is over--WELCOME TO REAL LIFE! It turns out that some people install linux without preexisting knowledge of how to securely administer a unix machine. When we ship a system with a bunch of stuff enabled by default, we're not only putting their machine at risk but we're also creating problems for everyone else who's system is attacked by someone using the debian machine as a jump-off point. That's bad. It's really time to get away from the mentality that everyone needs to have everything turned on all of the time; if a persone really *needs* something enabled, they can figure out how to do it. (If they can't, should they really be administering a network node?) This isn't a UI issue, this is a matter of security and of us taking responsibility for the state of quite a few systems out on the internet which will be configured according to *our* defaults. Mike Stone
Attachment:
pgp2dEo4gD4Wy.pgp
Description: PGP signature