John Dennis wrote: > On 03/24/2010 06:47 AM, Jon Stanley wrote: > >> 2010/3/23<MGandra@xxxxxxxxxxxxx>: >> >> >>> 2. Need to open a port so that our program can use it to send and >>> receive data. This also should be done from RPM while installing. >>> >> Keep in mind that in the Fedora buildsystem, there will be no network >> access allowed during the build process - this defeats the purpose of >> reproducible builds if you go grab bits during the build process. I >> also agree with Manuel, you do not want to mess with iptables during >> the install - the chances for breaking something are extremely high. >> > > The general philosophy is that installing an RPM is about laying the > bits down on disk. Small modifications to system configuration are > permitted such as adding a necessary user id. However installing an RPM > should not in most cases start services or turn on features. Think about > the case where someone installs a whole bunch of RPM's just to have them > available (yes people do this) and it would be surprising to discover > their system was now highly modified running all sorts of things, their > firewall and other security features silently modified from their > expectation, that's not a good thing. > > Instead it's better for a package to install a setup script and a README > which describes what someone needs to do to activate the features in the > package. This way modifying the system configuration is an active > explicit step performed by the person administering the system. > > Agreed, you can't possibly know if your iptables change will work with my iptables setup, so you shouldn't try. Same rationale as why we don't touch databases. Where is the database? What credentials do we use? What database is even being used? -J -- in your fear, seek only peace in your fear, seek only love -d. bowie -- packaging mailing list packaging@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/packaging