Re: Request for Comments: Standardize enabling/disabling of system services
On Wed, Apr 01, 2009 at 03:54:22PM -0700, Steve Langasek wrote:
> On Wed, Apr 01, 2009 at 08:38:46PM +0200, Patrick Schoenfeld wrote:
> > Well, its only about *new* services after installation. The intention
> > behind that is that some people don't like to run un- or half-configured
> > daemons immediately after installing them.
> It's Debian policy that packages should come with a reasonable default
> configuration. If a given package provides a default configuration for a
> service that is not reasonable, you should take that up with the maintainer
> of that package.
Yes. This does however not imply nor is it required that it implies
that the admin agrees with what the Debian maintainer calls reasonable.
I mean: C'mon, we can't even agree with each other as the Developer
body, why should every admin agree with all of us?
> Note that this does not imply "any service that ships enabled is buggy". It
> means only that the maintainer of the package is responsible for ensuring
> the default behavior isn't insecure or horrid. Demanding that services one
> selects for installation not be enabled out-of-the-box is not a prerequisite
> to achieving the policy goals; that has more to do with placating
> control-fetishizing admins than with ensuring secure defaults.
Well, I didn't say that it is for achieving policy goals.
> > Well, thats an opinion I can't agree less with. Yes, I accept that there
> > are special cases, but the default really should be that the admin has
> > the last word.
> Well, I don't see in what sense this is a "default". The default is what's
> shipped in the package.
Well, default was related to the mail I answered to.