On Fri, Mar 15, 2013 at 5:26 PM, Daniel P. Berrange <berrange@xxxxxxxxxx> wrote:
> On Fri, Mar 15, 2013 at 12:07:00PM -0400, seth vidal wrote:
>> To be fair - none of those call out to the network.
>>
>> they all act on things locally.
>
> Hmm, but the system service guidelines don't say anything about
> forbiding use of networking, only that things should not listen
> on network sockets out of the box. Either way, I think this needs
> to be clarified in the guidelines.
The guidelines will never be able to definitely answer every question.
I think the basic balance (listening on the network by default is
forbidden, enabling services on package installation by default is not
required) is correct, and there is a genuine gray zone in between.
Perhaps what we need in there is just a list of concerns to be aware
of when making the decision (e.g. security/attack surface, metered
internet connections, performance impact on the rest of the system).
Mirek
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
