Servers going online automatically?

To: "debian-policy@lists.debian.org" <debian-policy@lists.debian.org>
Subject: Servers going online automatically?
From: Vesa Paatero <vesapaatero@yahoo.com>
Date: Sat, 5 Dec 2015 20:27:56 +0000 (UTC)
Message-id: <[🔎] 1224741141.15941881.1449347276516.JavaMail.yahoo@mail.yahoo.com>
Reply-to: Vesa Paatero <vesapaatero@yahoo.com>
References: <1224741141.15941881.1449347276516.JavaMail.yahoo.ref@mail.yahoo.com>

Hi! I'd discuss Debian's policy about server packages (e.g. pure-ftpd) going online automatically after "apt-get install" (and a reboot) without informing the operator.

I read somewhere that it's an old Debian tradition that server packages behave do that. However, since the documentation of those packages doesn't necessarily give the user a clue about that behavior, servers with unwanted configuration (possibly half-configured) may occasionally go online inadvertently, which can be a security risk.


Now, I am not expecting to get that policy changed just like that but would it be a good idea to mandate some documentation, perhaps a notification to the package description, for those packages that expose such an interface to the world without user interaction?


Regards,
Vesa

Reply to:

Follow-Ups:
- Re: Servers going online automatically?
  - From: Marc Haber <mh+debian-policy@zugschlus.de>

Prev by Date: Bug#806993: ftp-master-mirror is not on ries.d.o anymore
Next by Date: Re: Servers going online automatically?
Previous by thread: Bug#806993: ftp-master-mirror is not on ries.d.o anymore
Next by thread: Re: Servers going online automatically?
Index(es):
- Date
- Thread