On Thu, Feb 24, 2011 at 03:04:26PM +0000, Matthew Garrett wrote: > And once you've got a default set for the default install, why not just > do it at the package level and ensure some level of consistency?
Because by enabling lots of potential vulnerable services you make it a PITA to use Fedora securely. A proper way would be to have some system setting to specify whether or not non-essential services require explicit enabling, e.g. a file in /etc/sysconfig/initscripts file with a variable that one can set to true, which ensures that all not explicitly enabled services won't be enabled. It is pretty easy to notice that a wanted service does not run compared to notice that an unwanted/unused service suddenly runs, because an innocent looking package has been installed. This is a trap that is usually set on Debian systems which everyone I know who uses Debian dislikes. Regards Till
pgpt277hh9hZz.pgp
Description: PGP signature
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
