Re: SecurityPortal Review of Potato
On Wed, Aug 30, 2000 at 09:17:13AM -0400, Michael Stone wrote:
> On Wed, Aug 30, 2000 at 07:22:07PM +1000, Anthony Towns wrote:
> > I find myself shocked and horrified (well, surprised, anyway) that he's
> > actually right about the latter services being enabled. It appears that
> > rsh-server is depended upon by rstartd (the preferred alternative to ssh,
> > according to the dependencies, and hence apt), and rstartd is in the
> > x-window-system task.
>
> I've argued before that we shouldn't ship any daemons by default and got
> shouted down. Hats off if you can convince people that the ease of use
> of features most people neither want nor need should take a back seat to
> security.
I wish it was easier to have a daemon installed, but have it not started by
default. e.g. I want to have NFS stuff installed, in case I want to cook up
some hack (not crack) and use it for something, but I don't want to have it
running all the time. I can remove the symlinks from /etc/rc2.d, but when
the package is upgraded, the upgrade script runs the start script after
the upgrade, even if the daemons weren't running before.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@llama.nslug. , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
Reply to: