Re: systemd requires HTTP server and serves QR codes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Oct 8, 2012 at 7:39 PM, Miloslav Trmač <mitr@xxxxxxxx> wrote:
> On Mon, Oct 8, 2012 at 7:59 PM, Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote:
>> On Mon, Oct 08, 2012 at 07:37:42PM +0200, Miloslav Trmač wrote:
>>> We support a "minimal installation" target
>>> (https://fedoraproject.org/wiki/Features/MinimalPlatform ), and this
>>> really doesn't seem like something that should be included, for the
>>> same reason we don't ship a disabled-by-default ident or httpd in the
>>> minimal installation.
>>
>> I'm for a minimal installation. Let's be clear: what's the reason?
>
> 1) Ability to review - it much easier to verify security/sanity of
> files that are not there at all than of files that are present but
> supposedly unused.
> 2) Risk of enabling the service by mistake (which, given that
> journal-gatewayd will happily serve private log data to the whole
> internet AFAICS, is has a pretty bad impact in this particular case).
> 3) Overhead/downtime associated with upgrades of unused components
> (which wouldn't apply for a systemd subpackage here, but would apply
> to libmicrohttpd).
> 4) Disk space

And if it's only listening on localhost by default there's not much
point of it running on a server where there's no easy means of doing
so.

I would like to see it split into a sub package even if the subpackage
is installed by default. I think for people like this there should be
the ability to easily completely opt out (ie remove it) to completely
remove any option of compromise if they wish to do so. There's a lot
of platforms and auditors that wouldn't want this installed at all
(whether it be Fedora or RHEL) due to security risks whether it be a
valid opinion or not (ever had to deal with PCI-DSS auditors?).

Peter
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux