On Tue, 12 Jul 2016, Nicolas George wrote: > Le quintidi 25 messidor, an CCXXIV, Don Armstrong a écrit : > > If a services default configuration is insecure, it should be fixed. > > File a bug. > > If you think about it slightly more than two seconds,
This is incredibly rude. Considering that I maintain multiple things which install daemons in Debian, I've thought about this for significantly more than two seconds. > you will realize that if the default configuration does ANYTHING, even > something that is completely harmless in 99.99% of the cases, then > there will be some cases where this is a serious issue, where the > administrator really did not want it to happen. Even if it is only > 0.01% of the cases, that is still too many. This is the endless security vs utility debate. The most secure system is a system which is completely useless. Discussing this issue in the abstract isn't particularly useful. Discussing it in particular cases (like openssh-server's configuration) is useful, and then it becomes a question of where to draw the line. There's a reason why many daemons that do start only listen on localhost. Or only listen on sockets. Or don't do anything but serve static files out of very specific directories. > I am flabbergasted too see how many people oppose the obviously > correct solution to that kind of issue: have a global option "Start > services after installing? always / ask / never". That option already exists. See policy-rc.d. For example: https://jpetazzo.github.io/2013/10/06/policy-rc-d-do-not-start-services-automatically/ -- Don Armstrong https://www.donarmstrong.com in Just- spring when the world is mud- luscious the little lame baloonman whistles far and wee -- e.e. cummings "[in Just-]"