On Sat, Aug 31, 2019 at 6:37 PM, Nico Kadel-Garcia <nkadel@xxxxxxxxx>
wrote:
If 30 years in DevOps and system security in both large and small
networks count for anything, this makes *complete* sense. The
distinction between a "Workstation" deployment and a "Server" or
"Everything" deployment should not include leaving the Workstation
completely vulnerable to the most casual script kiddie attacks after
they install *any* services, especially including MySQL, DNS, Samba,
or Tomcat, Jenkins, or anything else.
Well that's why installed network services are disabled by default in
Fedora, unless the package receives an exception from FESCo. This isn't
Debian where installing a package is expected to result in the service
being up and running. If you 'systemctl start' your service and the
firewall breaks it, that's just annoying.
Michael
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
