On Wed, Aug 15, 2007 at 09:34:19PM -0700, Russ Allbery wrote:
> A default install should simply not listen to the network, at which point
> a firewall is pointless complexity. I believe portmap is already
> listening only to localhost and inetd doesn't run if there are no services
> enabled.

Even if the default installation is "secure" in this sense, there are other packages in Debian that propose easy use to novice users but open up your computer quite a bit. For example, just the additional selection of KDE gets you a running avahi daemon. Inexperienced users may not even notice that they put their system at risk.

It's certainly a bad idea to force something onto users they may not understand. But if a user installs a Debian package that lowers his system's security, there should be a big warning in the installer.

-- 
Michel Messerschmidt
lists@michel-messerschmidt.de