On Sun, Jun 03, 2012 at 08:21:34AM +0200, Bernhard R. Link wrote: > * Aaron Toponce <aaron.topo...@gmail.com> [120602 16:26]: > > However, I am calling into question the validity of starting a service by > > default post-install. I think it introduces security concerns, possible > > headaces on the local LAN, and just unnessary work for the administrator. > > Other than "if you don't want a service, don't install the package" > > agrument, I don't understand why services _should_ be started by default > > post-install. > > Try to see it from the other side: I don't understand why you would a > like a service not started by default.
I would like to install the software, but have my own startup procedure in many cases. Also, it's much easier to just install a package in order to start reading the man pages, than manually grabbing the package file, manually unpacking it somehwere as a user, and then manually touring the included documentation. So yes, I will most likely run the software at some point, but frequently prefer to conduct some in-depth studies first - sometimes, a Debian package deviates considerably from upstream's or other distributions' conventions. > The daemon is there to be run, so running it is the most sensible > approach in almost all cases[1]. Since we obviously can't agree on *how* the service is to be run, one could just ask the user, eg., in the case of a printing service: "I just installed the file sharing service. Do you want to start sharing immediately (will allow other people to access .... files/media/printers)?" But for a more real-world example, consider slapd, which also starts immediately, but is imho quite unlikely to be configured appropriately by Joe Average User who doesn't understand that he needs to start Samba before being able to share his files, and which is impossible to configure appropriately by answering debconf questions in the first place? > If a service comes with a default config that can be a real security > concern, then that alone needs fixing. Many services come, eg. Apache comes with it, too (and eg. grabs all sockets it can, one of my pet peeves). > As administrator I also prefer that I just have to copy a config and > install the package. Anything not run by default (or at last by > default once its configuration is complete) means I have to > tweak another config file, which is uncessary annoying work. You have to say something like '/etc/init.d/service restart', anyway, after you put your own config into place. What's so much different from saying '/etc/init.d/service start' instead, in such a case? Asking the unwitting user and providing a default answer of 'yes' should solve the problem, imho - the slightly more experienced user can then at least opt for 'no'. Kind regards, --Toni++ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120603094024.ga28...@spruce.wiehl.oeko.net