On Tue, 17 Apr 2018, Zbigniew Jędrzejewski-Szmek wrote: > Services which are subject the guidelines allow to be enabled by > default should be such that starting them briefly should not cause > any permanent effects. Some 'real world' data, from a unit that was deployed this morning at 2018-04-17 10:30:17 VM Created herrold@xxxxxxxxxxxx New VM ordered This email sent at 1623 Last failed login: Tue Apr 17 16:22:11 EDT 2018 from 61.177.172.63 on ssh:notty There were 1354 failed login attempts since the last successful login. [root@pl085086017 ~]# so about 6 hours and 1354 probes -- 200 an hour on average That 'window' of open-ness to probers, except for the fact that we blow in 'keyed access only' late in the install process by automation, would not constitute: starting them briefly should not cause any permanent effects I think it proposes to needlessly exposes a unit in an un-patched state, to being taken over -- Russ herrold _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
