On Thu, Feb 24, 2011 at 06:32:44PM +0000, Matthew Garrett wrote: > On Thu, Feb 24, 2011 at 05:59:33PM +0100, Till Maas wrote: > > On Thu, Feb 24, 2011 at 03:04:26PM +0000, Matthew Garrett wrote: > > > > > And once you've got a default set for the default install, why not just > > > do it at the package level and ensure some level of consistency? > > > > Because by enabling lots of potential vulnerable services you make it a > > PITA to use Fedora securely. A proper way would be to have some system > > setting to specify whether or not non-essential services require > > explicit enabling, e.g. a file in /etc/sysconfig/initscripts file with a > > variable that one can set to true, which ensures that all not explicitly > > enabled services won't be enabled. > > There are no essential services, which means any proposal that contains > the phrase "non-essential services" is already unimplementable. For me essential services are the services that are required to start other services. If there are no services required to boot Fedora, login as root and start other services, then I do not see any point of requiring services to be enabled by default. Regards Till
Attachment:
pgppz3Ez88UsR.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
