On Thu, Feb 24, 2011 at 10:42:54AM -0500, Colin Walters wrote:
> On Thu, Feb 24, 2011 at 10:32 AM, Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote:
>
> > "May" as in "Are allowed to". It's always going to be the package
> > maintainers call in the end - we're not going to mandate it.
>
> Okay; it's not worth going through the details if you guys already
> discussed and rejected it, we've lived for years with the status quo
> and this is basically just documenting it.
>

Actually, this policy is a large departure from the status quo. The standard has pretty much been "off by default unless you're an old package from RHL that was on or you slip it by your reviewer."

I think that the intention of the old policy (I believe there was an explicit policy about this in Fedora.us but mschwendt or someone who has a better memory than I could correct me there) was that only essential services were on by default to minimize security risk (not just remote exploits, but local exploits as well), to minimize resource usage, and to put the system administrator in charge of their environment (as Till Maas has pointed out, he has a lot of server software installed but not running unless he needs it for a particular task.)

The draft policy that FESCo has up is much broader than that. For instance, "If a service does not require configuration to be functional and is not network enabled, it may be enabled by default (but is not required to do so)." Includes things such as apache and mysql if we ship them with a configuration that only listens on localhost.

This isn't necessarily a bad thing (although speaking for myself, I lean towards your view of everything off in packaging and then turn things on at the installer/spin creator/kickstart/etc level) but it is a large policy shift, not just a statement of the status quo.

-Toshio
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel