On Thu, Feb 24, 2011 at 06:32:44PM +0000, Matthew Garrett wrote: > On Thu, Feb 24, 2011 at 05:59:33PM +0100, Till Maas wrote: > > On Thu, Feb 24, 2011 at 03:04:26PM +0000, Matthew Garrett wrote: > > > > > And once you've got a default set for the default install, why not just > > > do it at the package level and ensure some level of consistency? > > > > Because by enabling lots of potential vulnerable services you make it a > > PITA to use Fedora securely. A proper way would be to have some system > > setting to specify whether or not non-essential services require > > explicit enabling, e.g. a file in /etc/sysconfig/initscripts file with a > > variable that one can set to true, which ensures that all not explicitly > > enabled services won't be enabled. > > There are no essential services, which means any proposal that contains > the phrase "non-essential services" is already unimplementable. > You've said this many times and it seems that you do it to be obstructionist. The constructive way to deal with this is to start making a list of what people really mean by "essential" and then propose alternate words to use. I think, by essential, some people mean: start the bare minimum so I don't have to start any additional services to: ... I don't want anything but init and a shell [*] ... log into a getty ... log in over the network ... log into a desktop ... do any client-side operations [*] This one (but not limited to this one) also specifies that additional services would be started, just not by packaging. ie: the installer or something else will start additional services independent of packaging. I'll note that with both traditional SysV runlevels and the set of systemd targets that we'll give to people in F15, we can have multiple defintions of what services to start as well. The rescue target (formerly runlevel 1) would be different from the multi-user target would be different from the graphical target. -Toshio
Attachment:
pgp_LuSdm6dEW.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
