On Thu, Sep 25, 2003 at 08:19:43AM +0200, Stefano Salvi wrote:
> I think this is not wise:

Only because you misunderstand my idea.

> - Why must I have services installed that I cannot use (are not started by 
> default)?

I didn't say anything about not starting by default.  I said that they
would not start immediately upon installation.  Think about it.  You
apt-get install squid.  What's the point of it being started
immediately, before you've had a chance to configure it?

> - Why must I have services installed that I don't need?

The scope of this discussion has grown broader since it began.
Initially, we were talking about only things that are installed by
default.  But since then Mike Stone has brought up issues that arise
even if a user explicitly and manually installs a package.

> - If I have a security choice as you suggest, I have a great probability to 
> set high security and next not be able to have services running (how about 
> selecting which services I want to be run by default?)

That is why I suggested something simple.  It doesn't require any
configuration at all, unlike Mike's default firewall idea.  My idea is
simply that network services are not started immediately upon
installation.  Any time after that, they function exactly as they always
have.

> I think the best choice is to leave in the default installation (where I 
> select nothing in Tasksel and don't run dselect) the very minimum services 
> needed, leaving to the user (tasksel is made for this) the choice to add 
> the requested services.

I agree that inetd, portmap, rpc.statd, and an MTA should not run by
default.

noah
