Hi, isn't it a bit insecure to start puppet by default? If someone can manipulate DNS replies, he should be able to take over the computer: just respond to a DNS query for "puppet" with the address of a hostile puppetmaster and let puppetd connect to it (please correct me if I am wrong here). If the client did not connect to another puppetmaster before, it would trust the server thus enabling an attacker to take over the computer.
This might be a problem if someone installs puppet w/o configuring it properly. Regards, Ansgar -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org