On Wed, 2011-04-27 at 13:49 -0500, Greg Swift wrote: > On Wed, Apr 27, 2011 at 12:15, Jan-Frode Myklebust <janfrode@xxxxxxxxx> wrote: > > On Wed, Apr 27, 2011 at 09:50:11AM -0500, Greg Swift wrote: > >> > >> I am not saying it is required to be compliant, I'm saying that it is > >> syntactically correct. I may be wrong, but I hold to what I say. In > >> the old chkconfig method you defined start and stop order, and orders > >> it should be on in when enabled. Why would you not do the same in the > >> new? > > > > YouÂre not doing the same in new and old. In the old method you define > > start and stop order, yes, but you donÂt define which runlevels it should > > default start/stop in (notice the "-" in the chkconfig line). > > Okay.. func/certmaster don't seem to, you are correct. I was basing > my statement on every time I've written a init script. I didn't write > these. And the fact that we weren't doing it for the old chkconfig > header didn't click in my head. > > > > > > Also, the recommendation for fedora packaging says about Default-Start: > > > > Each Fedora SysV-style initscript which needs to start by default in any > > runlevel must include this line in the LSB Header, and it must match the > > list of runlevels defined for startup in the Chkconfig header. Only > > services which are really required for a vital system should define > > runlevels here. > > > > Ref: > > http://fedoraproject.org/wiki/Packaging/SysVInitScript#.23_Default-Start:_line > > Since the Fedora guidelines are more specific about this than LSB, and > define which of the two ways I mentioned earlier to address this, then > thats fine, we can follow them. > > > > > The reason IÂm objecting is both that I think this is a bad default > > security wise (principle of least surprise -- it surprised me that a > > func dependency suddenly installed a network listening daemon that > > func didnÂt need), and also it forces me to add logic to work around > > this when deploying minions trough puppet. > > I agree that we needed to make sure it isn't starting something just > because it installed certmaster (or func for that matter). It is a > problem, and needs to be resolved. > > seth, do you see any problem with removing the default-start and stop > lines from the init scripts? nope. -sv _______________________________________________ Func-list mailing list Func-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/func-list
