sgallagh wrote: > [...] > The definition of "public" was intentionally vague, but perhaps we > could try to find a better way to say it. I was trying to treat it as > "network interfaces that accept connections from arbitrary sources".
OK ... > I'm not sure that there's a tremendously meaningful distinction to be > made between allowing services that listen on D-BUS or a local UNIX > socket and services that listen on the localhost TCP socket [...] Indeed. > I'd personally prefer to assume the best intentions of our packagers; > specifically I'd assume that if there's a question as to the safety of > starting something by default, either they'd bring it up voluntarily or > someone would do so on their behalf if a problem was discovered. This is not about trusting the code or intentions of the packagers. This is about what threat model are we expected to protect against by not activating e.g. all services by default. Specifying that would help clear up -why- the change, and that will in turn inform -how- to change. - FChE -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
