On Sat, Jul 21, 2001 at 08:51:23PM -0700, Jacob Meuser wrote: <snip>
> No, I'm simply saying not to start services immediately. <snip> Well, I'm going to wade into this growing flamewar to point out what I think is a sound idea. The trouble with the current system is that installed daemons automatically start running with a default configuration. This is not always bad, but does not allow a paranoid sysadmin to protect themselves (short of ugly workarounds like taking down the network interface until the server is shut off). I think that there should be a way to install a debian server packages without having the installation scripts start the server. This need not be default, but it should be possible. I'm sure there are many ways this could work. Perhaps: [EMAIL PROTECTED]:/etc# apt-get install --no-run apache would download, install and configure apache, but not run it. When the sysadmin was satisfied with the configureation files, etc, then update-rc.d and such could be run by hand (or by another call to apt-get/dpkg with another flag). This would have to be both a policy change and a technical change in apt and/or dpkg. I think it would be a good compromise between security and the simplicity of apt-get install foo. -- Steven Barker [EMAIL PROTECTED] Perhaps, after all, America never has been discovered. I myself would say that it had merely been detected. -- Oscar Wilde PGP Key Fingerprint: 1A33 9F2E 368D 24B1 81D4 60BF E928 9E28 958F 2058