On Sun, Feb 22, 2015 at 07:51:06PM +0100, Reindl Harald wrote: > and then comes the default firewall on F21 workstation with all > ports > 1024 open because things "have to work out of the box" Yes, this is the reason why I'm asking. If there was a restrictive firewall by default, this would not be an issue. > Am 22.02.2015 um 19:46 schrieb M. Edward (Ed) Borasky: > >Yes, I would think: > > > >a) all services should be disabled and their ports closed by default, and > >b) the documentation should describe how to enable the service and > >open the ports It's not really clear what you mean by your answer. Does "yes" mean that this *should* be allowed? Also please note that the service in question is disabled by default, and requires a 'systemctl start' to start. Is this enough? Zbyszek > >On Sun, Feb 22, 2015 at 6:04 AM, Zbigniew Jędrzejewski-Szmek > ><zbyszek@xxxxxxxxx> wrote: > >>Are Fedora packages allowed to have a default configuration in which > >>the service accepts commands from the network in the default > >>configuration? > >> > >>The daemon is not enabled by default, so the administrator has to do a > >>systemctl enable/start first. This means that just installing the > >>package does not create a problem, and an explicit admin action is > >>necessary for the daemon to start listening. Nevertheless, I'm still > >>worried that people will start the service to try it out without > >>reading the fine print and will be vulnerable to attack. I would think > >>that the Packaging Guidelines cover this, but I don't think they do. > > -- > devel mailing list > devel@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/devel > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
