[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: update-inetd



Klaus Ethgen <Klaus@Ethgen.de> writes:

> I have a another:
>
> Am Do den 11. Jan 2007 um 23:14 schrieb Roger Leigh:
>> a) Every package calling update-inetd should call it twice; once for
>>    IPv4, and again for IPv6.  This would require all packages to be
>>    updated.
>> b) update-inetd should default to creating both unless explicitly told
>>    not to.  This has the advantage of being transparent.
>
> c) update-inetd should default to creating none unless explicitly told
>    to. This has the advantage of staying secure if a dau admin install a
>    package accidentally.

This would not square with the current practice of defaulting to a
secure but functional service when you install a package.  If you
didn't want to run it, you wouldn't install it.  The admin always has
the option of commenting it out.

I've been exposed to using Fedora recently, which takes the approach
you suggest of requiring explicit enabling of *everything*, and it's a
complete pain.  Trying to discover the thing to tweak to get a daemon
to work is rather annoying; intentionally "crippling" a package by
default is not IMO the way to go.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.

Attachment: pgpW6b0jXrQ_5.pgp
Description: PGP signature


Reply to: