On Fri, Feb 13, 2015 at 11:37 PM, Ryan S. Brown <ryansb@xxxxxxxxxx> wrote: > On 02/13/2015 11:25 AM, Frank Ch. Eigler wrote: >> "Ryan S. Brown" <ryansb@xxxxxxxxxx> writes: >> >>> [...] In January, the Fedora rawhide package for mongo[2] was >>> changed to listen on all interfaces by default [...] To help >>> protect users, I think the default should be changed back to >>> localhost only. [...] >> >> We have a slew of network-servers in the fedora distribution. >> Apprx. none of them are supposed to be turned on just by virtue of rpm >> installation (so, require an explicit systemctl enable), and apprx. >> none of them get through the system-default firewalld setup. The >> out-of-the-box risk is therefore nil. > > As far as the firewall setup: if they wouldn't get through the firewall, > then there's already extra configuration for operators that want to make > it available to everyone. Why not also have it listen by default on > localhost as an additional safety measure. Especially since *that's how > it is in all current releases*. There's no benefit to moving away from > the (sane) default of localhost-only. Indeed. If you want to use the service over the network you'd have to configure it anyways (and set passwords, keys etc.) so asking the admin to additionally enable "listen on interface X" is not unreasonable. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
