On Sun, Feb 27, 2011 at 11:13:44PM +0100, Till Maas wrote: > On Sun, Feb 27, 2011 at 07:21:30PM +0000, Matthew Garrett wrote: > > No, but it does mean that what you're proposing would involve adding > > functionality to Anaconda. The current situation is that the services > > that are started when the respective package is installed and the > > services that are enabled by default by the Fedora installer *are* the > > same. > > You wrote that Anaconda already has the code to active services, so > there is no additional functionality needed. Only the list of services > to be enabled needs to be extended. Anaconda obviously has the code to activate services, given that you can do so with Kickstart. But there's no mechanism for a set of packages to be provided in order to allow a per-spin set of defaults. You'd need to write code for parsing a configuration file of some description and you'd need to provide a way to get those files into each spin's Anaconda image. The multipathd case is one that's explicitly special-cased in the storage code. > Nevertheless, this is a lot cleaner solution that having to recommend > to users of Fedora to not install packages on systems on a network or > with non-admin users logged in to avoid potential security risks > because services might activate themselves. What's the policy you actually want here? If it's "Services shouldn't start by default" then your solution obviously satisfies that, but if it's "Packages should not install anything that runs with elevated privileges unless the user explicitly enables them" then it doesn't. -- Matthew Garrett | mjg59@xxxxxxxxxxxxx -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel