zbyszek wrote: > [...] > Clarification: this change did not touch this part of the policy: that > definition got copied over from the guidelines [1]. [...] (The previous wording said a package that "...does not listen on a network socket..." can be enabled by default, which was a broader restriction and thus more secure.) > Nevertheless, you raise an interesting question in general. The way > I understand the motivation for the restriction is to avoid any > chance of attack or unexpected access over the network. [...] OK, so the question is - are we (still) trying to preclude -local- escalation-of-privileges type problems? If not, then many more services can be enabled by default - as long as they bind only to unix-domain sockets and/or localhost. (I guess we're not supposed to count on the default firewalls?) - FChE -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
