Re: Release update

[Nathanael Nerode <neroden@twcny.rr.com>]

Javier Fernández-Sanguino Peña wrote:

> On Tue, Mar 30, 2004 at 12:46:54PM +0200, Alexander Schmehl wrote:
<snip>
>> 111/tcp open  rpcbind  2 (rpc #100000)
> 
> That's portmap. Again 'standard' priority. And useless in a Desktop-Office
> environment unless you use RPC services (which you don't seem to)

The automatic portmap install sucks, and apparently is usually due to FAM
requiring and using RPC.  This whole chain is unnecessary unless you use
NFS, but apparently the FAM and portmap maintainers haven't managed to
coordinate their act well enough to figure out how to run fam *without* RPC 
listening by default.  :-P  Perhaps a fam-norpc package in 'standard', with
the full fam package in 'extra'?

>> 113/tcp open  ident    OpenBSD identd
> 
> That's probably open because of 'pidentd'. Standard priority, but
> shouldn't be there.
Who uses identd anyway? :-)  From reading the RFC, the daemon seems to be
quite strictly a server tool, and fairly sophisticated servers at that --
but I could be utterly mistaken.

<snip>
> Based on this info I still advocate for implementing/fixing #62145,
> openssh, lpr, portmap and nfs-common all use tcp-wrappers (though libwrap)
> Either that or find a way to avoid having openssh/lpr/portmap/nfs-common
> installed in the environment Alexander describes.
Indeed.  :-(

> Only lpr is needed in
> that environment and it still could be replaced with other non-network
> aware printer package or configured to only listen on the loopback
> interface.



-- 
Make sure your vote will count.
http://www.verifiedvoting.org/