On Fri, Nov 19, 2010 at 4:50 PM, Dustin Kirkland wrote:
> I'm going to redraft the proposal, note that there was no general
> consensus on the matter in the ubuntu-devel@ mailing list, and ask the
> Tech Board for guidance. Thanks everyone for the lively discussion.
Thank you for the discussions
Good Morning Dustin,
On Fri, 2010-11-19 at 16:50 -0600, Dustin Kirkland wrote:
> Stephan Hermann wrote:
> > Hi Scott,
> >
> > On Fri, 2010-11-19 at 13:18 -0500, Scott Kitterman wrote:
> >> On Friday, November 19, 2010 12:02:33 pm Dustin Kirkland wrote:
> >> > Confirmed this on RHEL6 yesterday. I
Quoting Oliver Grawert (o...@ubuntu.com):
> the serial port should be enabled automatically if you set the console=
> boot parameter to a serial tty (i.e. console=ttyS0,115200n8) its rerally
Are you sure? Bc when I tried this just last night on a 10.04
server, I still had to create an /etc/init/t
hi,
Am Freitag, den 19.11.2010, 19:03 -0500 schrieb Marc Deslauriers:
> On Fri, 2010-11-19 at 17:11 +0100, Soren Hansen wrote:
> > On 18-11-2010 21:59, Alex Chiang wrote:
> > > I would expect that a data center set up in this manner would
> > > also have remote serial consoles to all the machines t
On Fri, 2010-11-19 at 17:11 +0100, Soren Hansen wrote:
> On 18-11-2010 21:59, Alex Chiang wrote:
> > I would expect that a data center set up in this manner would
> > also have remote serial consoles to all the machines there too,
> > using conserver or conman something similar.
>
> I wonder if th
Stephan Hermann wrote:
> Hi Scott,
>
> On Fri, 2010-11-19 at 13:18 -0500, Scott Kitterman wrote:
>> On Friday, November 19, 2010 12:02:33 pm Dustin Kirkland wrote:
>> > Confirmed this on RHEL6 yesterday. I installed RHEL6 in multiple
>> > different modes (minimal, default, developer workstation),
Hi Scott,
On Fri, 2010-11-19 at 13:18 -0500, Scott Kitterman wrote:
> On Friday, November 19, 2010 12:02:33 pm Dustin Kirkland wrote:
> > Confirmed this on RHEL6 yesterday. I installed RHEL6 in multiple
> > different modes (minimal, default, developer workstation), all of
> > which a) were runnin
On Fri, 2010-11-19 at 13:06 -0500, Scott Kitterman wrote:
> On Friday, November 19, 2010 12:40:17 pm Marc Deslauriers wrote:
> > On Fri, 2010-11-19 at 17:05 +0100, Soren Hansen wrote:
> > > On 18-11-2010 16:49, Marc Deslauriers wrote:
> > > > I want the person installing the server to actually make
On Friday, November 19, 2010 12:02:33 pm Dustin Kirkland wrote:
> Confirmed this on RHEL6 yesterday. I installed RHEL6 in multiple
> different modes (minimal, default, developer workstation), all of
> which a) were running sshd, b) had a root user with a password.
Yes, but RHEL6 doesn't dhcp by d
On Friday, November 19, 2010 12:40:17 pm Marc Deslauriers wrote:
> On Fri, 2010-11-19 at 17:05 +0100, Soren Hansen wrote:
> > On 18-11-2010 16:49, Marc Deslauriers wrote:
> > > I want the person installing the server to actually make the choice
> > > to install ssh in order to realize that doing so
On Fri, 2010-11-19 at 17:05 +0100, Soren Hansen wrote:
> On 18-11-2010 16:49, Marc Deslauriers wrote:
> > I want the person installing the server to actually make the choice
> > to install ssh in order to realize that doing so may have
> > consequences. ie: "Oh wait, If I install ssh now, I should
Quoting Luke Faraone (lfara...@ubuntu.com):
> On 11/19/2010 11:11 AM, Soren Hansen wrote:
> > I wonder if the no-open-ports-by-default policy applies to serial ports
> > as well? If not (which I'm guessing is the case), perhaps this is
> > something we should do set up default?
>
> I think the iss
Stephan Hermann wrote:
> Moins,
>
> On Thu, 2010-11-18 at 12:24 -0500, Luke Faraone wrote:
>> On 11/18/2010 12:04 PM, Dustin Kirkland wrote:
>> > On Thu, Nov 18, 2010 at 9:30 AM, Colin Watson wrote:
>> >> No, it's not. In Maverick it was arguably buried. In Natty, it is the
>> >> very top entry
On 11/19/2010 11:11 AM, Soren Hansen wrote:
> I wonder if the no-open-ports-by-default policy applies to serial ports
> as well? If not (which I'm guessing is the case), perhaps this is
> something we should do set up default?
I think the issue is network services, not periphery. Enabling serial
p
On 18-11-2010 21:59, Alex Chiang wrote:
> I would expect that a data center set up in this manner would
> also have remote serial consoles to all the machines there too,
> using conserver or conman something similar.
I wonder if the no-open-ports-by-default policy applies to serial ports
as well?
On 18-11-2010 16:49, Marc Deslauriers wrote:
> I want the person installing the server to actually make the choice
> to install ssh in order to realize that doing so may have
> consequences. ie: "Oh wait, If I install ssh now, I should unplug the
> server from the network and configure ssh properl
On 18-11-2010 17:00, Serge Hallyn wrote:
> Forgive me if the answer is obvious - but how is this any
> better then than simply expecting users to click 'ssh server'
> in the tasksel window which always comes up?
From Dustin's original e-mail:
1) the current option to install SSH on Ubuntu serve
On Nov 18, 2010, at 01:05 PM, C de-Avillez wrote:
>On the other hand, having SSH installed by default will help the
>majority of corporate users: we go (either physically, or via a
>serial console), install, and then happily use SSH to configure the
>rest of the system (and get out of the -- usual
Sorry if anyone gets dupes of the message below.
I sent from a phone, and its sitting (i think) in moderator limbo.
On Nov 18, 2010, at 10:49 AM, Marc Deslauriers
wrote:
> Hello,
>
>>>
>>> Please consider that the very definition of a "server" implies that
>>> the system is running a "service"
On Nov 18, 2010, at 10:49 AM, Marc Deslauriers
wrote:
> Hello,
>
>>>
>>> Please consider that the very definition of a "server" implies that
>>> the system is running a "service". Moreover, our official Ubuntu
>>> Server images as published for the Amazon EC2 cloud are, in fact,
>>> running
Moins,
On Thu, 2010-11-18 at 12:24 -0500, Luke Faraone wrote:
> On 11/18/2010 12:04 PM, Dustin Kirkland wrote:
> > On Thu, Nov 18, 2010 at 9:30 AM, Colin Watson wrote:
> >> No, it's not. In Maverick it was arguably buried. In Natty, it is the
> >> very top entry on the tasksel menu, and the cur
Hi Nicolas,
On Thu, 2010-11-18 at 09:24 +0100, Nicolas Barcet wrote:
> Hello Stephan,
>
> On 11/18/2010 08:20 AM, Stephan Hermann wrote:
> >
> > First of all, I think for Ubuntu Server the SSHD service should be
> > enabled by default, eventually having a question on what IP interface
> > the se
Hi,
On Thu, 2010-11-18 at 13:59 -0700, Alex Chiang wrote:
> * Dustin Kirkland :
> >
> > If you didn't get SSH installed the first time around, you're going to
> > have to mosey back down the datacenter to 'apt-get install
> > openssh-server' before you can do anything remotely with your server.
>
Clint Byrum wrote:
> On Thu, 2010-11-18 at 23:39 +, Colin Watson wrote:
>> On Thu, Nov 18, 2010 at 12:34:58PM -0600, Robbie Williamson wrote:
>>> So I see the 1st stage as just installing the minimal server, then we
>>> boot to a login prompt...user logs in and can either do his/her business
>>
On Thu, 2010-11-18 at 23:39 +, Colin Watson wrote:
> On Thu, Nov 18, 2010 at 12:34:58PM -0600, Robbie Williamson wrote:
> > So I see the 1st stage as just installing the minimal server, then we
> > boot to a login prompt...user logs in and can either do his/her business
> > as desired or launch
Excerpts from Colin Watson's message of Thu Nov 18 18:39:33 -0500 2010:
> On Thu, Nov 18, 2010 at 12:34:58PM -0600, Robbie Williamson wrote:
> > On Thu, 2010-11-18 at 16:22 +, Colin Watson wrote:
> > > On Thu, Nov 18, 2010 at 10:08:47AM -0600, Robbie Williamson wrote:
> > > > What if the Serve
* Dustin Kirkland :
>
> If you didn't get SSH installed the first time around, you're going to
> have to mosey back down the datacenter to 'apt-get install
> openssh-server' before you can do anything remotely with your server.
[...]
> But that assumes you can *get* to your server. I'm arguing th
On 11/18/2010 09:49 AM, Marc Deslauriers wrote:
>>> Q: What if the openssh-server package is compromised on the ISO?
>>> A: Although this has happened before, it is relatively rare over the
>>> history of Ubuntu. If/when this happens again, we would need to:
>>>a) recommend that people choo
On Thu, Nov 18, 2010 at 12:34:58PM -0600, Robbie Williamson wrote:
> On Thu, 2010-11-18 at 16:22 +, Colin Watson wrote:
> > On Thu, Nov 18, 2010 at 10:08:47AM -0600, Robbie Williamson wrote:
> > > What if the Server team maintained the 2nd stage? Then we'd be making
> > > life easier for you,
On 11/18/2010 03:08 PM, Mathias Gug wrote:
> Excerpts from Robbie Williamson's message of Thu Nov 18 13:34:58 -0500 2010:
>> On Thu, 2010-11-18 at 16:22 +, Colin Watson wrote:
>>> On Thu, Nov 18, 2010 at 10:08:47AM -0600, Robbie Williamson wrote:
On Thu, 2010-11-18 at 16:04 +, Colin Wa
Stefan Potyra wrote:
> Hi,
>
> Am Thursday 18 November 2010 19:34:58 schrieb Robbie Williamson:
>> On Thu, 2010-11-18 at 16:22 +, Colin Watson wrote:
>> > On Thu, Nov 18, 2010 at 10:08:47AM -0600, Robbie Williamson wrote:
>> > > On Thu, 2010-11-18 at 16:04 +, Colin Watson wrote:
>> > > > O
Excerpts from Robbie Williamson's message of Thu Nov 18 13:34:58 -0500 2010:
> On Thu, 2010-11-18 at 16:22 +, Colin Watson wrote:
> > On Thu, Nov 18, 2010 at 10:08:47AM -0600, Robbie Williamson wrote:
> > > On Thu, 2010-11-18 at 16:04 +, Colin Watson wrote:
> > > > On Thu, Nov 18, 2010 at
On Thu, 2010-11-18 at 10:57 -0600, Dustin Kirkland wrote:
> On Thu, Nov 18, 2010 at 10:00 AM, Serge Hallyn
> wrote:
> > Quoting Clint Byrum (cl...@ubuntu.com):
> >> On Wed, 2010-11-17 at 15:38 -0600, Dustin Kirkland wrote:
> >>
> >> >
> >> > This proposal requests that:
> >> > 1) a new prompt be
Hi,
Am Thursday 18 November 2010 19:34:58 schrieb Robbie Williamson:
> On Thu, 2010-11-18 at 16:22 +, Colin Watson wrote:
> > On Thu, Nov 18, 2010 at 10:08:47AM -0600, Robbie Williamson wrote:
> > > On Thu, 2010-11-18 at 16:04 +, Colin Watson wrote:
> > > > On Thu, Nov 18, 2010 at 10:49:38
On Thu, 2010-11-18 at 16:22 +, Colin Watson wrote:
> On Thu, Nov 18, 2010 at 10:08:47AM -0600, Robbie Williamson wrote:
> > On Thu, 2010-11-18 at 16:04 +, Colin Watson wrote:
> > > On Thu, Nov 18, 2010 at 10:49:38AM -0500, Marc Deslauriers wrote:
> > > > I think this screen is a good idea
Dustin Kirkland [2010-11-18 10:57 -0600]:
> On Thu, Nov 18, 2010 at 10:00 AM, Serge Hallyn
> > Forgive me if the answer is obvious - but how is this any
> > better then than simply expecting users to click 'ssh server'
> > in the tasksel window which always comes up?
>
> It's not any better, Serge
On 11/18/2010 12:04 PM, Dustin Kirkland wrote:
> On Thu, Nov 18, 2010 at 9:30 AM, Colin Watson wrote:
>> No, it's not. In Maverick it was arguably buried. In Natty, it is the
>> very top entry on the tasksel menu, and the cursor rests on it when you
>> reach that screen.
> [snip]
>
> I would gla
On Thu, Nov 18, 2010 at 9:30 AM, Colin Watson wrote:
> (Please, in future, do not cross-post between the moderated ubuntu-devel
> and the unmoderated ubuntu-devel-discuss. Doing so produces time lags
> which confuse people.)
Dang. Sorry, Colin. Live and learn.
> On Wed, Nov 17, 2010 at 03:38:
On Thu, Nov 18, 2010 at 10:00 AM, Serge Hallyn
wrote:
> Quoting Clint Byrum (cl...@ubuntu.com):
>> On Wed, 2010-11-17 at 15:38 -0600, Dustin Kirkland wrote:
>>
>> >
>> > This proposal requests that:
>> > 1) a new prompt be added to the Ubuntu Server installer
>> > 2) this prompt be dedicated to
On Thu, Nov 18, 2010 at 10:08:47AM -0600, Robbie Williamson wrote:
> On Thu, 2010-11-18 at 16:04 +, Colin Watson wrote:
> > On Thu, Nov 18, 2010 at 10:49:38AM -0500, Marc Deslauriers wrote:
> > > I think this screen is a good idea if in fact tasksel is moved to after
> > > the first boot.
> >
On Thu, 2010-11-18 at 16:04 +, Colin Watson wrote:
> On Thu, Nov 18, 2010 at 10:49:38AM -0500, Marc Deslauriers wrote:
> > I think this screen is a good idea if in fact tasksel is moved to after
> > the first boot.
>
> We used to have a two-stage installer and it was a nightmare to maintain
>
On Wed, 2010-11-17 at 15:38 -0600, Dustin Kirkland wrote:
> This proposal requests that:
> 1) a new prompt be added to the Ubuntu Server installer
Having gone through the install of RHEL, SLES, CentOS, Debian, and
Ubuntu this past week, I don't think adding this is a big deal. I our
install will
Quoting Clint Byrum (cl...@ubuntu.com):
> On Wed, 2010-11-17 at 15:38 -0600, Dustin Kirkland wrote:
>
> >
> > This proposal requests that:
> > 1) a new prompt be added to the Ubuntu Server installer
> > 2) this prompt be dedicated to the boolean installation, or
> > non-installation, of the SSH
On Thu, Nov 18, 2010 at 10:51:29AM -0500, Scott Kitterman wrote:
> I think this seriously under values the many benifits of your proposal. The
> concern I have with defaulting a new question to yes the first time it
> appears
> is that if someone has a standard preseed they are using this will
On Thu, Nov 18, 2010 at 10:49:38AM -0500, Marc Deslauriers wrote:
> I think this screen is a good idea if in fact tasksel is moved to after
> the first boot.
We used to have a two-stage installer and it was a nightmare to maintain
for several reasons. Since we moved to a single-stage installer se
On Wednesday, November 17, 2010 04:38:53 pm Dustin Kirkland wrote:
> Q: Why not default the cursor on that question to "No", instead of "Yes"?
> A: That totally bypasses the value of this proposal, and is only
> microscopically better than what we currently have ...
Dustin,
I think this seriousl
Hello,
On Thu, 2010-11-18 at 08:00 -0600, Dustin Kirkland wrote:
> > --
> > | If you need a secure connection to this
> > | server remotely, you may wish to install
> > | the openssh-server package. Note that
> > | this service will ope
On Thursday, November 18, 2010 04:21:42 am sam tygier wrote:
> On 17/11/10 21:38, Dustin Kirkland wrote:
> > This proposal requests that:
> > 1) a new prompt be added to the Ubuntu Server installer
> > 2) this prompt be dedicated to the boolean installation, or
> >
> > non-installation, of the
(Please, in future, do not cross-post between the moderated ubuntu-devel
and the unmoderated ubuntu-devel-discuss. Doing so produces time lags
which confuse people.)
On Wed, Nov 17, 2010 at 03:38:53PM -0600, Dustin Kirkland wrote:
> I am asking for ubuntu-devel's consensus, and an eventual Ubuntu
Hello Stephan,
On 11/18/2010 08:20 AM, Stephan Hermann wrote:
> On Wed, 2010-11-17 at 15:38 -0600, Dustin Kirkland wrote:
>> Ubuntu has long maintained a "no open ports by default" policy. This
>> conservative approach arguably yields a more secure default
>> installation. Several exceptions hav
On 18 November 2010 08:38, Dustin Kirkland wrote:
> This proposal requests that:
> 1) a new prompt be added to the Ubuntu Server installer
> 2) this prompt be dedicated to the boolean installation, or
> non-installation, of the SSH service, as an essential facet of a
> typical server
> 3) the c
I inadvertently left ubuntu-server@ off of the original distribution.
Sorry about that. CC'ing now.
There are a few responses already in the thread:
* https://lists.ubuntu.com/archives/ubuntu-devel/2010-November/thread.html
Thanks,
Dustin
On Wed, Nov 17, 2010 at 3:38 PM, Dustin Kirkland wrot
Clint Byrum wrote:
> +1 for adding this prompt
> -1 for having it default to Yes.
I tend to agree with Clint.
The prompt gives exposure to the choice, makes a statement that you
should really consider this essential package, and sidesteps the issue
of experienced people coming from other distros
Hi Dustin,
On Wed, 2010-11-17 at 15:38 -0600, Dustin Kirkland wrote:
> Ubuntu has long maintained a "no open ports by default" policy. This
> conservative approach arguably yields a more secure default
> installation. Several exceptions have been granted to this policy,
> which install services
On Wed, 2010-11-17 at 15:38 -0600, Dustin Kirkland wrote:
>
> This proposal requests that:
> 1) a new prompt be added to the Ubuntu Server installer
> 2) this prompt be dedicated to the boolean installation, or
> non-installation, of the SSH service, as an essential facet of a
> typical server
Hi,
Firstly, I think it's great that our default experience and policy is
questioned on a regular basis. However, on this particular issue I'm
not passionate either way. For my usage, when it's not preseeded, i'm
now conditioned into installing sshd via the tasksel provided within
d-i. This
On Wed, Nov 17, 2010 at 03:38:53PM -0600, Dustin Kirkland wrote:
> Ubuntu has long maintained a "no open ports by default" policy.
https://wiki.ubuntu.com/SecurityTeam/Policies#No%20Open%20Ports
"Default installations of Ubuntu must have no listening network services
after initial install."
One p
57 matches
Mail list logo