[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Request for Comments: Standardize enabling/disabling of system services



On Wed, Apr 01, 2009 at 08:38:46PM +0200, Patrick Schoenfeld wrote:
> Well, its only about *new* services after installation. The intention
> behind that is that some people don't like to run un- or half-configured
> daemons immediately after installing them.

It's Debian policy that packages should come with a reasonable default
configuration.  If a given package provides a default configuration for a
service that is not reasonable, you should take that up with the maintainer
of that package.

Note that this does not imply "any service that ships enabled is buggy".  It
means only that the maintainer of the package is responsible for ensuring
the default behavior isn't insecure or horrid.  Demanding that services one
selects for installation not be enabled out-of-the-box is not a prerequisite
to achieving the policy goals; that has more to do with placating
control-fetishizing admins than with ensuring secure defaults.

> > I like the homogenization part of your proposal, but the default policy
> > should be set by packages themselves, not by the local administrator.

> Well, thats an opinion I can't agree less with. Yes, I accept that there
> are special cases, but the default really should be that the admin has
> the last word.

Well, I don't see in what sense this is a "default".  The default is what's
shipped in the package.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org


Reply to: