Yes, I would think: a) all services should be disabled and their ports closed by default, and b) the documentation should describe how to enable the service and open the ports On Sun, Feb 22, 2015 at 6:04 AM, Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> wrote: > Are Fedora packages allowed to have a default configuration in which > the service accepts commands from the network in the default > configuration? > > The daemon is not enabled by default, so the administrator has to do a > systemctl enable/start first. This means that just installing the > package does not create a problem, and an explicit admin action is > necessary for the daemon to start listening. Nevertheless, I'm still > worried that people will start the service to try it out without > reading the fine print and will be vulnerable to attack. I would think > that the Packaging Guidelines cover this, but I don't think they do. > > Zbyszek > -- > devel mailing list > devel@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/devel > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct -- OSJourno: Robust Power Tools for Digital Journalists http://www.znmeb.mobi/stories/osjourno-robust-power-tools-for-digital-journalists Remember, if you're traveling to Bactria, Hump Day is Tuesday and Thursday. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
