On Thu, Feb 24, 2011 at 05:59:33PM +0100, Till Maas wrote: > On Thu, Feb 24, 2011 at 03:04:26PM +0000, Matthew Garrett wrote: > > > And once you've got a default set for the default install, why not just > > do it at the package level and ensure some level of consistency? > > Because by enabling lots of potential vulnerable services you make it a > PITA to use Fedora securely. A proper way would be to have some system > setting to specify whether or not non-essential services require > explicit enabling, e.g. a file in /etc/sysconfig/initscripts file with a > variable that one can set to true, which ensures that all not explicitly > enabled services won't be enabled. There are no essential services, which means any proposal that contains the phrase "non-essential services" is already unimplementable. -- Matthew Garrett | mjg59@xxxxxxxxxxxxx -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
