On Fri, 20 Nov 2009, Bill Nottingham wrote: > Benny Amorsen (benny+usenet@xxxxxxxxxx) said: > > > If there are pkgs which run daemons which are defaulting to ON when > > > installed or on next reboot - then we should be auditing those pkgs. > > > Last I checked we default to OFF and that should continue to be the > > > case. > > > > Is there a blanket prohibition on daemons defaulting to ON or are some > > (presumably considered vital) daemons exempt? I ask because cronie > > defaults to ON. > > It's not a blanket prohibition. (See also opensshd, rsyslog, etc.) IOW, a typical user really has no idea what "install signed fedora packages" means in terms of security. It doesn't matter how good the GUI looks and operates if people can't understand what it means. - James -- James Morris <jmorris@xxxxxxxxx> -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
