* Michael Stone said: > > bind should be run as its own user - the only objection I had in response to > > the original mail was that bind shouldn't be started as non-root without the > > administrators knowledge to that effect. Asking in the postinstall stage how > > to run bind and modifying /etc/init.d/bind accordingly would be just fine. > > And the only objection I have to that point of view is that we shouldn't > start bind as root without the administrator's knowledge of the > consequences of that action. The default should be the more secure > configuration, not the more convenient configuration. Asking in the > postinst if you want to run bind as root and modifying the init script > would be fine. If the administrator sets debconf so they don't see > questions, then they shouldn't get a bind that runs as root. I agree 100%. But read my other posting about adding a small modification option-wise to the init.d scripts - I think that's the approach that makes it easier for both maintainer and the administrator. marek
Attachment:
pgpV2_fmZnRwl.pgp
Description: PGP signature