[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: update-inetd

Hash: SHA1


Am Sa den 13. Jan 2007 um  1:18 schrieb Roger Leigh:
> > c) update-inetd should default to creating none unless explicitly told
> >    to. This has the advantage of staying secure if a dau admin install a
> >    package accidentally.
> This would not square with the current practice of defaulting to a
> secure but functional service when you install a package.  If you
> didn't want to run it, you wouldn't install it.  The admin always has
> the option of commenting it out.

Well, but it would be the way a daemon has to work. As admin I do never
like to have a deamon enabled before I configure it properly. And some
packages install a server as dependencies. (Sure, this is a bug.)

> I've been exposed to using Fedora recently, which takes the approach
> you suggest of requiring explicit enabling of *everything*, and it's a

I do not see the point. Fedora do enable everything what is needed to
run the system. All deamons which are not needed essentially are
disabled by default. (Other think is the strange dependencies in RedHats

> complete pain.  Trying to discover the thing to tweak to get a daemon
> to work is rather annoying; intentionally "crippling" a package by
> default is not IMO the way to go.

Hmm. I don't think so. It is easy to do a "update-inetd --enable
whatever". Moreover in my eyes the functionality should be the same if
inetd or xinetd is uses (like RedHats chkconfig do).

And the mess is at the moment there is no way of NOT to install any
superserver at all. There is software you don't want to run as deamon
but having dependencies for inetd or (better) update-inetd. And there
are also packages arround NOT having dependencies for update-inetd but
using it in postinst and/or prerm.

   Klaus Ethgen
- -- 
Klaus Ethgen                            http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B
Version: GnuPG v1.4.6 (GNU/Linux)


Reply to: