Re: jessie release goals
On 2013-05-07 00:52:03 +0800, Thomas Goirand wrote:
> On 05/06/2013 10:08 PM, Christoph Anton Mitterer wrote:
> > The usually come only with a default config which may not be hardened
> > enough for the local system, and that short time may already be enough
> > for an attacker to attack.
> If the default config isn't hardened enough, fix the default config.
This can be fine for some daemons/servers. For instance, for a web
server, displaying a default web page is harmless. But what about a
mail server? Any default config would probably lead to loss of mail
if things like virtual alias domains are used.
Vincent Lefèvre <email@example.com> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)