On Thu, Sep 25, 2003 at 08:19:43AM +0200, Stefano Salvi wrote:
> I think this is not wise:

Only because you misunderstand my idea.

> - Why I must have services installed that I cannot use (are not started by
> default)?

I didn't say anything about not starting by default. I said that they would not start immediately upon installation. Think about it. You apt-get install squid. What's the point of it being started immediately, before you've had a chance to configure it?

> - Why I must have services installed that I don't need?

The scope of this discussion has grown broader since it began. Initially, we were talking about only things that are installed by default. But since then Mike Stone has brought up issues that arise even if a user explicitly and manually installs a package.

> - If I have a security choice as you suggest, I have a great probability to
> set high security and next not be able to have services running (how about
> selecting which services I want to be run by default?)

That is why I suggested something simple. It doesn't require any configuration at all, unlike Mike's default firewall idea. My idea is simply that network services are not started immediately upon installation. Any time after that, they function exactly as they always have.

> I think the best choice is to leave in the default installation (where I
> select nothing in Tasksel and don't run dselect) the very minimum services
> needed, leaving to the user (tasksel is made for this) the choice to add
> the requested services.

I agree that inetd, portmap, rpc.statd, and an MTA should not run by default.

noah