On 22.02.2015 at 19:46, M. Edward (Ed) Borasky wrote:
Yes, I would think: a) all services should be disabled and their ports closed by default, and b) the documentation should describe how to enable the service and open the ports
and then comes the default firewall on F21 workstation with all ports > 1024 open because things "have to work out of the box"
On Sun, Feb 22, 2015 at 6:04 AM, Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> wrote:
Are Fedora packages allowed to have a default configuration in which the service accepts commands from the network in the default configuration? The daemon is not enabled by default, so the administrator has to do a systemctl enable/start first. This means that just installing the package does not create a problem, and an explicit admin action is necessary for the daemon to start listening. Nevertheless, I'm still worried that people will start the service to try it out without reading the fine print and will be vulnerable to attack. I would think that the Packaging Guidelines cover this, but I don't think they do.
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct