On 06/14/2012 04:19 PM, Stanislav Ochotnicky wrote:
> Quoting Michal Schmidt (2012-06-14 15:10:56)
>> Is a running jetty really _that_ dangerous? Why do we ship it at all
>> then? ;-)
>
> Why do we ship Apache, tomcat and tens (hundreds?) of other useful
> packages? Jetty unlike most packages _is_ remotely accessible so the
> attack surface is rather large.
>
> If you wrote that in jest, then sorry but I don't take my mistake that
> could compromise security of Fedora's users that lightly.

I thought the winking smiley gave it away.
But there is a basis for my jesting comment: It's great that you take
security seriously, but I believe you're over-estimating the danger of
the running service.
Fedora has a firewall enabled by default. And I trust that the service
receives any applicable security updates. The users' systems are not