Re: A few observations about systemd

On Mon, Aug 01, 2011 at 12:14:31PM +0200, Marco d'Itri wrote:
> > Making the "do not start by default" policy default for the distro should
> > improve out-of-box security.
> When I install a package I want to actually use it.
> A better security policy is to not install by default useless packages.

What is "use"? For example, the rsync package provides both the "rsync" client
and the rsync daemon. Both cases are "use", right?

Another example is dovecot-imapd. It's possible to use it in
preauthenticated mode. In such a case no system-wide daemon is required and
the mail client should just start imapd and talk with it using stdin/stdout.

Also, some services may be needed only sometimes (like ejabberd on a laptop
when developing some XMPP stuff).

Or the "tor" package, which also provides a system-wide tor daemon. At the same
time it's possible to use tor individually by every user and start it only
when needed. At least on laptops.

WBR, Dmitry

