Re: Servers going online automatically?
On Tue, Dec 08, 2015 at 08:44:22PM +0000, Vesa Paatero wrote:
> Thanks for the link. Even as you admit in the article that "it is a frequent
> beef against Debian that on Debian, network services get started immediately
> after the package was installed", maybe we should keep our antennas up for
> any useful ideas to make that default/policy more visible to those whom it
> otherwise would take by surprise.

It is also part of that policy that while they're enabled by default,
their default configuration should not be secure. That is, serving
content read-only is allowed, but not read-write by default, and the
served content should not leak information either.

As an example of the latter, we ship cups with the browsing protocol
disabled by default; also, relevant policies have been changed in the
past when it was discovered that there are some packages which allow
redirecting localhost-only HTTP, so that even through such packages, the
list of packages installed could not be discovered by going to the
"/doc" alias.

If you know of more such issues, feel free to suggest more such
improvements. However, I think the policy of enabling network services
by default is a sensible one, and we should not lose it.

> ... Admitted, it is generally a challenging problem to have the
> right piece of documentation show up at the right time and place for
> the audience that would benefit from it.

--
It is easy to love a country that is famous for chocolate and beer
-- Barack Obama, speaking in Brussels, Belgium, 2014-03-26