On 02/02/2011 10:14 PM, Bill Nottingham wrote: > Also, something has to happen when the packages are installed... Hum not following here as in why is there a need for something to happen beside the packaging getting installed? I would think that the same thing would apply here all services off so the user can shoot himself in the foot instead of us doing it for him. For an example how many of those services do we ship that the end user does not need to configure something like config file firewall etc. before starting the service? If he has the configuration know how to configure those services I think is safe to assume that he has the required knowledge to start the service by himself ;) I think that at least any service that would potentially be exposed to the network/internet/world should be turned off. For example consider how it affects the overall security of the user instalment if we accidentally would ship a bad iptables update that would result in iptables being turned off? ( Goes without saying that if you aren't exposing anything to the internet you don't need iptables ) How secure/correctly configured are those service by default encase that happens? I would think that anything we as an distribution have the responsability that anything we expose network/internet/world in general is as correctly/securely configured as possible when we hand that service to the end user what he does with it after he receives it is his responsibility.. Just a few pointers to keep in mind... > not > everything is a live spin. The live spins can, of course, adjust what > they need to. > Certainly JBG -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
