On Thursday 03,March,2011 06:56 AM, Klaus Ethgen wrote: > Am Mi den 2. Mär 2011 um 23:09 schrieb Julien BLACHE: >>> Because I work in a untrusted work place and home network (public >>> networks, wifi...) I whish to purge zeroconf functionnality. > >> Looks like you want a firewall. Just sayin'. > > Ehem, no. > > A system has not to listen for any unused and unneeded services ever. A > firewall is to control services you _need_. > > All that zeroconf stuff is absolutely not needed and wanted. (By the > most users, I suppose.) > > Regards > Klaus
Actually I absolutely love the <machine>.local resolution functionality on a network (it works much better than the NetBIOS crap that can never find another machine on a network when you want it). That, and Pidgin's Bonjour support interfaces with iChat over zeroconf, allowing you to chat with users (and exchange files, perhaps?) across a network without needing to set up a centralized chatting system. I think those two functionalities are pretty useful to the end-user. Rather than blabbering about potential security issues stemming from avahi-daemon being installed and enabled on a system, how about actually finding one and reporting it? gnome-user-share does not share stuff by default as far as I can tell, and padevchooser only uses avahi-daemon for discovering extra Pulseaudio sinks on the network (it doesn't advertise its own sinks by default). An avahi-enabled system that advertises no services is pretty much as secure as the avahi-disabled system. -- Kind regards, Loong Jin
signature.asc
Description: OpenPGP digital signature